Redhat: Security Vulnerabilities
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
CVSS Score
5.9
EPSS Score
0.021
Published
2018-06-13
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVSS Score
8.2
EPSS Score
0.001
Published
2018-06-13
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-06-12
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-06-12
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-12
routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-06-12
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
CVSS Score
8.1
EPSS Score
0.182
Published
2018-06-11
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
CVSS Score
9.8
EPSS Score
0.039
Published
2018-06-11
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVSS Score
7.5
EPSS Score
0.01
Published
2018-06-11
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-06-11