Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-19 | CVE-2018-4944 | Incorrect Type Conversion or Cast vulnerability in multiple products Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. | 9.8 |
| 2018-05-18 | CVE-2018-11237 | Out-of-bounds Write vulnerability in multiple products An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. | 7.8 |
| 2018-05-18 | CVE-2018-11236 | Integer Overflow or Wraparound vulnerability in multiple products stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | 9.8 |
| 2018-05-18 | CVE-2018-5256 | Information Exposure vulnerability in Redhat Tectonic CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. | 7.5 |
| 2018-05-17 | CVE-2018-1111 | DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. | 7.5 |
| 2018-05-16 | CVE-2018-11212 | Divide By Zero vulnerability in multiple products An issue was discovered in libjpeg 9a and 9d. | 6.5 |
| 2018-05-15 | CVE-2018-1087 | kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. | 7.8 |
| 2018-05-15 | CVE-2018-1131 | Deserialization of Untrusted Data vulnerability in multiple products Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. | 8.8 |
| 2018-05-12 | CVE-2018-10998 | An issue was discovered in Exiv2 0.26. | 6.5 |
| 2018-05-11 | CVE-2018-1258 | Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. | 8.8 |