Redhat: >> Enterprise Linux >> 7.0 Security Vulnerabilities
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-12-18
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVSS Score
9.8
EPSS Score
0.11
Published
2018-12-07
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
CVSS Score
9.1
EPSS Score
0.027
Published
2018-12-07
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVSS Score
9.8
EPSS Score
0.052
Published
2018-12-07
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVSS Score
9.8
EPSS Score
0.093
Published
2018-12-05
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-11-26
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVSS Score
8.1
EPSS Score
0.03
Published
2018-11-16
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
CVSS Score
8.0
EPSS Score
0.017
Published
2018-11-13
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-11-12
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-11-12