Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-03-22 CVE-2018-8905 Out-of-bounds Write vulnerability in multiple products
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
network
low complexity
libtiff debian canonical redhat CWE-787
8.8
8.8
2018-03-20 CVE-2018-8088 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
network
low complexity
qos redhat oracle
critical
 9.8
9.8
2018-03-19 CVE-2018-7262 NULL Pointer Dereference vulnerability in multiple products
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
network
low complexity
redhat fedoraproject CWE-476
7.5
7.5
2018-03-16 CVE-2018-1199 Improper Input Validation vulnerability in multiple products
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints.
network
low complexity
vmware redhat oracle CWE-20
5.3
5.3
2018-03-16 CVE-2018-1068 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging.
local
low complexity
linux canonical debian redhat CWE-787
6.7
6.7
2018-03-14 CVE-2018-1077 XXE vulnerability in Redhat Satellite and Spacewalk
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.
network
low complexity
redhat CWE-611
7.5
7.5
2018-03-14 CVE-2018-1000122 Out-of-bounds Read vulnerability in multiple products
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
network
low complexity
debian canonical haxx redhat oracle CWE-125
critical
 9.1
9.1
2018-03-14 CVE-2018-1000121 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
network
low complexity
debian canonical haxx redhat oracle CWE-476
7.5
7.5
2018-03-14 CVE-2018-1000120 Out-of-bounds Write vulnerability in multiple products
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
network
low complexity
debian canonical haxx redhat oracle CWE-787
critical
 9.8
9.8
2018-03-13 CVE-2018-1000127 Improper Locking vulnerability in multiple products
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list.
network
low complexity
memcached debian canonical redhat CWE-667
7.5
7.5