Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-17962 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
network
low complexity
qemu suse debian canonical redhat oracle CWE-190
7.5
7.5
2018-10-09 CVE-2018-17958 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
network
low complexity
qemu canonical debian redhat CWE-190
7.5
7.5
2018-10-09 CVE-2018-18074 Insufficiently Protected Credentials vulnerability in multiple products
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
network
low complexity
python canonical opensuse redhat CWE-522
7.5
7.5
2018-10-08 CVE-2018-1000807 Use After Free vulnerability in multiple products
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution..
network
high complexity
pyopenssl canonical redhat CWE-416
8.1
8.1
2018-10-08 CVE-2018-1000805 Incorrect Authorization vulnerability in multiple products
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE.
network
low complexity
paramiko redhat debian canonical CWE-863
8.8
8.8
2018-09-28 CVE-2018-14648 Resource Exhaustion vulnerability in multiple products
A flaw was found in 389 Directory Server.
network
low complexity
fedoraproject redhat debian CWE-400
7.5
7.5
2018-09-25 CVE-2018-14634 An integer overflow flaw was found in the Linux kernel's create_elf_tables() function.
local
low complexity
linux redhat canonical netapp
7.8
7.8
2018-09-25 CVE-2018-6054 Use After Free vulnerability in multiple products
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
network
low complexity
google redhat debian CWE-416
8.8
8.8
2018-09-25 CVE-2018-6043 Improper Input Validation vulnerability in multiple products
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
8.8
8.8
2018-09-25 CVE-2018-6035 Information Exposure vulnerability in multiple products
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
network
low complexity
google debian redhat CWE-200
8.8
8.8