Enterprise Linux Server

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-17	CVE-2018-6797	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Perl 5.18 through 5.26. network low complexity debian perl canonical redhat CWE-787 critical	9.8
2018-04-16	CVE-2018-10120	Improper Validation of Array Index vulnerability in multiple products The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. local low complexity debian libreoffice redhat canonical CWE-129	7.8
2018-04-16	CVE-2018-10119	Use After Free vulnerability in multiple products sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. local low complexity libreoffice debian redhat canonical CWE-416	7.8
2018-04-12	CVE-2018-1084	corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. network low complexity corosync debian redhat canonical	7.5
2018-04-11	CVE-2018-1100	zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. local low complexity zsh canonical redhat	7.8
2018-04-06	CVE-2018-1000156	Improper Input Validation vulnerability in multiple products GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. local low complexity gnu canonical debian redhat CWE-20	7.8
2018-04-03	CVE-2018-4117	Information Exposure vulnerability in multiple products An issue was discovered in certain Apple products. network low complexity apple webkitgtk canonical redhat debian CWE-200	6.5
2018-04-03	CVE-2017-7000	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in certain Apple products. network low complexity apple redhat debian chromium CWE-119	8.8
2018-04-02	CVE-2018-1094	NULL Pointer Dereference vulnerability in multiple products The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. local low complexity linux redhat canonical CWE-476	5.5
2018-03-30	CVE-2018-7566	Race Condition vulnerability in multiple products The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. local low complexity linux suse canonical debian redhat oracle CWE-362	7.8