Vulnerabilities > Redhat
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-07-17 | CVE-2017-1000050 | NULL Pointer Dereference vulnerability in multiple products | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | 7.5 |
2017-07-17 | CVE-2016-6312 | Resource Exhaustion vulnerability in Redhat Enterprise Linux 5.11 | The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). | 6.5 |
2017-07-17 | CVE-2016-4996 | Credentials Management vulnerability in Redhat Satellite 6.3 | discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. | 7.0 |
2017-07-17 | CVE-2016-0764 | Race Condition vulnerability in Redhat Networkmanager | Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | 6.2 |
2017-07-13 | CVE-2017-9788 | Improper Input Validation vulnerability in multiple products | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. | 9.1 |
2017-07-07 | CVE-2017-7512 | Incorrect Authorization vulnerability in Redhat 3Scale API Management Platform | Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. | 9.8 |
2017-06-27 | CVE-2016-7062 | Credentials Management vulnerability in Redhat Storage Console and Storage Console Node | rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. | 7.8 |
2017-06-27 | CVE-2015-1795 | Permissions, Privileges, and Access Controls vulnerability in Redhat Gluster Storage 3.2 | Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. | 7.8 |
2017-06-26 | CVE-2017-9953 | Use After Free vulnerability in multiple products | There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. | 7.5 |
2017-06-26 | CVE-2015-3315 | Link Following vulnerability in Redhat Automatic BUG Reporting Tool | Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm. | 7.8 |