Vulnerabilities > Redhat > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-23 | CVE-2017-17833 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. | 9.8 |
| 2018-04-17 | CVE-2018-6797 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Perl 5.18 through 5.26. | 9.8 |
| 2018-04-06 | CVE-2018-1270 | Code Injection vulnerability in multiple products Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 9.8 |
| 2018-03-26 | CVE-2018-1312 | Improper Authentication vulnerability in multiple products In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. | 9.8 |
| 2018-03-23 | CVE-2018-1000140 | Out-of-bounds Write vulnerability in multiple products rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. | 9.8 |
| 2018-03-20 | CVE-2018-8088 | org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. | 9.8 |
| 2018-03-14 | CVE-2018-1000122 | Out-of-bounds Read vulnerability in multiple products A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage | 9.1 |
| 2018-03-14 | CVE-2018-1000120 | Out-of-bounds Write vulnerability in multiple products A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. | 9.8 |
| 2018-03-13 | CVE-2018-7750 | Improper Authentication vulnerability in multiple products transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. | 9.8 |
| 2018-02-26 | CVE-2018-7489 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. | 9.8 |