Vulnerabilities > Redhat > Enterprise Linux Server TUS > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2020-2604 Deserialization of Untrusted Data vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
8.1
2020-01-14 CVE-2014-7844 Injection vulnerability in multiple products
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
local
low complexity
redhat debian bsd-mailx-project CWE-74
7.8
2020-01-13 CVE-2020-6851 Out-of-bounds Write vulnerability in multiple products
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
7.5
2020-01-08 CVE-2019-17024 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3.
network
low complexity
mozilla canonical debian redhat opensuse CWE-787
8.8
2020-01-08 CVE-2019-17017 Type Confusion vulnerability in multiple products
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash.
network
low complexity
mozilla canonical debian redhat CWE-843
8.8
2019-12-19 CVE-2019-19906 Off-by-one Error vulnerability in multiple products
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet.
7.5
2019-12-18 CVE-2018-1311 Use After Free vulnerability in multiple products
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs.
network
high complexity
apache redhat debian oracle fedoraproject CWE-416
8.1
2019-12-10 CVE-2019-13734 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2019-11-27 CVE-2019-10216 In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
local
low complexity
artifex redhat
7.8
2019-11-25 CVE-2019-14815 A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
local
low complexity
linux redhat netapp
7.8