Vulnerabilities > Redhat > Enterprise Linux

DATE CVE VULNERABILITY TITLE RISK
2018-11-16 CVE-2018-16396 An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3.
network
high complexity
ruby-lang canonical debian redhat
8.1
8.1
2018-11-16 CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3.
network
low complexity
ruby-lang canonical debian redhat
critical
 9.8
9.8
2018-11-13 CVE-2018-16850 SQL Injection vulnerability in multiple products
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ...
network
low complexity
postgresql redhat canonical CWE-89
critical
 9.8
9.8
2018-11-12 CVE-2018-19215 Out-of-bounds Read vulnerability in multiple products
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
local
low complexity
nasm redhat CWE-125
7.8
7.8
2018-11-12 CVE-2018-19214 Out-of-bounds Read vulnerability in multiple products
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
local
low complexity
nasm redhat CWE-125
7.8
7.8
2018-11-12 CVE-2018-19208 NULL Pointer Dereference vulnerability in multiple products
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack.
network
low complexity
libwpd-project redhat suse CWE-476
6.5
6.5
2018-11-06 CVE-2018-14667 Code Injection vulnerability in Redhat Enterprise Linux and Richfaces
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource.
network
low complexity
redhat CWE-94
critical
 9.8
9.8
2018-11-02 CVE-2018-18897 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop debian canonical redhat CWE-772
6.5
6.5
2018-10-31 CVE-2018-14651 It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete.
network
low complexity
debian redhat gluster
8.8
8.8
2018-10-29 CVE-2018-18751 Double Free vulnerability in multiple products
An issue was discovered in GNU gettext 0.19.8.
network
low complexity
gnu canonical redhat CWE-415
critical
 9.8
9.8