Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-10 | CVE-2016-5018 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. | 9.1 |
| 2017-08-10 | CVE-2016-0762 | Information Exposure Through Discrepancy vulnerability in multiple products The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. | 5.9 |
| 2017-08-10 | CVE-2014-0143 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes. | 7.0 |
| 2017-08-09 | CVE-2015-3405 | Insufficient Entropy vulnerability in multiple products ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | 7.5 |
| 2017-08-08 | CVE-2017-3653 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 3.1 |
| 2017-08-08 | CVE-2017-3651 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). | 4.3 |
| 2017-08-08 | CVE-2017-3641 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 4.9 |
| 2017-08-08 | CVE-2017-3636 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). | 5.3 |
| 2017-08-08 | CVE-2017-10243 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). | 6.5 |
| 2017-08-08 | CVE-2017-10198 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). | 6.8 |