Vulnerabilities > Redhat > Enterprise Linux > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-29 CVE-2014-8119 Improper Input Validation vulnerability in multiple products
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
Attack vector: network | Complexity: low | Vendors: redhat, fedoraproject, netcf-project | CWE-20 | Risk: 7.5

2017-12-18 CVE-2017-15104 An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable.
Attack vector: local | Complexity: low | Vendors: heketi-project, redhat | Risk: 7.8

2017-12-18 CVE-2017-15103 A security-check flaw was found in the way the Heketi 5 server API handled user requests.
Attack vector: network | Complexity: low | Vendors: heketi-project, redhat | Risk: 8.8

2017-10-05 CVE-2017-1000253 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015).
Attack vector: local | Complexity: low | Vendors: redhat, centos, linux | CWE-119 | Risk: 7.8

2017-10-05 CVE-2017-1000111 Out-of-bounds Write vulnerability in multiple products
Linux kernel: heap out-of-bounds in AF_PACKET sockets.
Attack vector: local | Complexity: low | Vendors: linux, redhat, debian | CWE-787 | Risk: 7.8

2017-08-19 CVE-2017-10661 Use After Free vulnerability in multiple products
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
Attack vector: local | Complexity: high | Vendors: linux, redhat, debian | CWE-416 | Risk: 7.0

2017-08-11 CVE-2017-3106 Incorrect Type Conversion or Cast vulnerability in multiple products
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files.
Attack vector: network | Complexity: low | Vendors: redhat, adobe | CWE-704 | Risk: 8.8

2017-08-11 CVE-2017-3085 Open Redirect vulnerability in multiple products
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
Attack vector: network | Complexity: low | Vendors: adobe, redhat | CWE-601 | Risk: 7.4

2017-08-10 CVE-2014-0143 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
Attack vector: local | Complexity: high | Vendors: redhat, qemu | CWE-190 | Risk: 7.0

2017-06-26 CVE-2017-9953 Use After Free vulnerability in multiple products
There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26.
Attack vector: network | Complexity: low | Vendors: exiv2, redhat | CWE-416 | Risk: 7.5