Vulnerabilities > Redhat > Enterprise Linux Workstation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-02 | CVE-2018-7642 | NULL Pointer Dereference vulnerability in multiple products The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. | 5.5 |
| 2018-02-28 | CVE-2018-7569 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. | 5.5 |
| 2018-02-28 | CVE-2018-7568 | Integer Overflow or Wraparound vulnerability in multiple products The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. | 5.5 |
| 2018-02-16 | CVE-2018-1049 | Race Condition vulnerability in multiple products In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. | 5.9 |
| 2018-01-26 | CVE-2018-5750 | Information Exposure vulnerability in multiple products The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | 5.5 |
| 2018-01-23 | CVE-2018-5683 | Out-of-bounds Read vulnerability in multiple products The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | 6.0 |
| 2018-01-23 | CVE-2018-5950 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | 6.1 |
| 2018-01-18 | CVE-2018-2678 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | 4.3 |
| 2018-01-18 | CVE-2018-2677 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). | 4.3 |
| 2018-01-18 | CVE-2018-2668 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |