Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-03-26 CVE-2017-15710 Out-of-bounds Write vulnerability in multiple products
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials.
network
low complexity
apache debian canonical netapp redhat CWE-787
7.5
2018-03-25 CVE-2018-8976 Out-of-bounds Read vulnerability in multiple products
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.
network
low complexity
exiv2 debian redhat CWE-125
6.5
2018-03-23 CVE-2018-1000140 Out-of-bounds Write vulnerability in multiple products
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution.
network
low complexity
rsyslog debian canonical redhat CWE-787
critical
9.8
2018-03-22 CVE-2018-8945 Improper Input Validation vulnerability in multiple products
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.
local
low complexity
gnu redhat CWE-20
5.5
2018-03-22 CVE-2018-8905 Out-of-bounds Write vulnerability in multiple products
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
network
low complexity
libtiff debian canonical redhat CWE-787
8.8
2018-03-20 CVE-2018-8088 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
network
low complexity
qos redhat oracle
critical
9.8
2018-03-19 CVE-2018-7262 NULL Pointer Dereference vulnerability in multiple products
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
network
low complexity
redhat fedoraproject CWE-476
7.5
2018-03-16 CVE-2018-1199 Improper Input Validation vulnerability in multiple products
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints.
network
low complexity
vmware redhat oracle CWE-20
5.3
2018-03-16 CVE-2018-1068 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging.
local
low complexity
linux canonical debian redhat CWE-787
6.7
2018-03-14 CVE-2018-1077 XXE vulnerability in Redhat Satellite and Spacewalk
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.
network
low complexity
redhat CWE-611
7.5