Vulnerabilities > Redhat > Enterprise Linux Server > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2017-10-03 | CVE-2017-14492 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. | network | low complexity | redhat debian canonical thekelleys | CWE-119 | critical | 9.8 |
| 2017-10-03 | CVE-2017-14493 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. | network | low complexity | redhat debian canonical opensuse thekelleys | CWE-119 | critical | 9.8 |
| 2017-09-14 | CVE-2017-12896 | Out-of-bounds Read vulnerability in multiple products | The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). | network | low complexity | tcpdump redhat debian | CWE-125 | critical | 9.8 |
| 2017-09-14 | CVE-2017-12899 | Out-of-bounds Read vulnerability in multiple products | The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). | network | low complexity | tcpdump redhat debian | CWE-125 | critical | 9.8 |
| 2017-09-14 | CVE-2017-12902 | Out-of-bounds Read vulnerability in multiple products | The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. | network | low complexity | tcpdump redhat debian | CWE-125 | critical | 9.8 |
| 2017-09-14 | CVE-2017-12987 | Out-of-bounds Read vulnerability in multiple products | The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | network | low complexity | tcpdump redhat debian | CWE-125 | critical | 9.8 |
| 2017-08-31 | CVE-2017-0899 | Code Injection vulnerability in multiple products | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. | network | low complexity | rubygems debian redhat | CWE-94 | critical | 9.8 |
| 2017-08-31 | CVE-2017-14064 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. | network | low complexity | ruby-lang debian canonical redhat | CWE-119 | critical | 9.8 |
| 2017-08-10 | CVE-2016-5018 | | In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. | network | low complexity | apache netapp canonical debian redhat oracle | | critical | 9.1 |
| 2017-08-08 | CVE-2017-10087 | | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | network | low complexity | oracle debian redhat netapp | | critical | 9.6 |