Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-02-28 CVE-2018-7568 Integer Overflow or Wraparound vulnerability in multiple products
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.
local
low complexity
gnu redhat CWE-190
5.5
2018-02-28 CVE-2018-1304 The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition.
network
high complexity
apache redhat debian canonical oracle
5.9
2018-02-28 CVE-2017-12191 Unspecified vulnerability in Redhat Cloudforms 4.5
A flaw was found in the CloudForms account configuration when using VMware.
network
low complexity
redhat
7.4
2018-02-27 CVE-2018-7549 Improper Input Validation vulnerability in multiple products
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
network
low complexity
zsh redhat canonical CWE-20
7.5
2018-02-27 CVE-2017-15136 Unspecified vulnerability in Redhat Satellite 6.0
When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.
network
low complexity
redhat
2.7
2018-02-26 CVE-2018-7489 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2018-02-23 CVE-2018-6764 Origin Validation Error vulnerability in multiple products
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
local
low complexity
redhat debian canonical CWE-346
7.8
2018-02-19 CVE-2017-18191 An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1.
network
low complexity
openstack redhat
7.5
2018-02-19 CVE-2018-7225 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibVNCServer through 0.9.11.
network
low complexity
libvncserver-project debian canonical redhat CWE-190
critical
9.8
2018-02-19 CVE-2018-5379 Double Free vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
network
low complexity
quagga debian canonical redhat siemens CWE-415
critical
9.8