Vulnerabilities > Redhat > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-02-19 CVE-2018-7225 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibVNCServer through 0.9.11.
network
low complexity
libvncserver-project debian canonical redhat CWE-190
critical
9.8
2018-02-19 CVE-2018-5379 Double Free vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
network
low complexity
quagga debian canonical redhat siemens CWE-415
critical
9.8
2018-02-09 CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
network
low complexity
libreoffice debian canonical redhat
critical
9.8
2018-02-06 CVE-2018-4878 Use After Free vulnerability in multiple products
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161.
network
low complexity
adobe redhat CWE-416
critical
9.8
2018-02-06 CVE-2018-4877 Use After Free vulnerability in multiple products
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161.
network
low complexity
adobe redhat CWE-416
critical
9.8
2018-02-06 CVE-2017-7525 A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian netapp redhat oracle
critical
9.8
2018-02-06 CVE-2017-15095 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian redhat netapp oracle CWE-502
critical
9.8
2018-02-01 CVE-2018-6485 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
network
low complexity
gnu redhat oracle netapp CWE-190
critical
9.8
2018-01-24 CVE-2018-1000007 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties.
network
low complexity
haxx debian canonical redhat fujitsu
critical
9.8
2018-01-18 CVE-2016-6814 Deserialization of Untrusted Data vulnerability in multiple products
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g.
network
low complexity
apache redhat CWE-502
critical
9.8