Vulnerabilities > Redhat > Enterprise Linux

DATE CVE VULNERABILITY TITLE RISK
2017-10-05 CVE-2017-1000111 Out-of-bounds Write vulnerability in multiple products
Linux kernel: heap out-of-bounds in AF_PACKET sockets.
local
low complexity
linux redhat debian CWE-787
7.8
2017-09-19 CVE-2015-7837 7PK - Security Features vulnerability in Redhat products
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
local
low complexity
redhat CWE-254
2.1
2017-09-14 CVE-2015-7553 Race Condition vulnerability in Redhat Enterprise Linux, Enterprise MRG and Kernel-Rt
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.
local
high complexity
redhat CWE-362
4.7
2017-08-19 CVE-2017-10661 Use After Free vulnerability in multiple products
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
local
high complexity
linux redhat debian CWE-416
7.0
2017-08-11 CVE-2017-3106 Incorrect Type Conversion or Cast vulnerability in multiple products
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files.
network
low complexity
redhat adobe CWE-704
8.8
2017-08-11 CVE-2017-3085 Open Redirect vulnerability in multiple products
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
network
low complexity
adobe redhat CWE-601
7.4
2017-08-10 CVE-2014-0143 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
local
high complexity
redhat qemu CWE-190
7.0
2017-07-17 CVE-2016-6312 Resource Exhaustion vulnerability in Redhat Enterprise Linux 5.11
The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash).
network
low complexity
redhat CWE-400
6.5
2017-07-17 CVE-2016-4984 Race Condition vulnerability in Openldap Openldap-Servers
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
1.9
2017-06-26 CVE-2017-9953 Use After Free vulnerability in multiple products
There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26.
network
low complexity
exiv2 redhat CWE-416
5.0