Redhat: >> Enterprise Linux >> 6.0 Security Vulnerabilities
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVSS Score
9.8
EPSS Score
0.108
Published
2018-12-05
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVSS Score
8.1
EPSS Score
0.033
Published
2018-11-16
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-11-12
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-11-12
CVE-2018-14667
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Known exploited
CVSS Score
9.8
EPSS Score
0.895
Published
2018-11-06
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
CVSS Score
8.8
EPSS Score
0.022
Published
2018-10-31
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-10-19
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
CVSS Score
6.5
EPSS Score
0.01
Published
2018-10-18
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
CVSS Score
4.3
EPSS Score
0.008
Published
2018-10-18
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-10-18