Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-22 | CVE-2017-9775 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | 6.5 |
| 2017-06-20 | CVE-2017-7668 | Out-of-bounds Read vulnerability in multiple products The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. | 7.5 |
| 2017-06-20 | CVE-2017-3167 | Improper Authentication vulnerability in multiple products In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | 9.8 |
| 2017-06-19 | CVE-2017-1000376 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. | 7.0 |
| 2017-06-19 | CVE-2017-1000366 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. | 7.8 |
| 2017-06-13 | CVE-2016-5411 | Credentials Management vulnerability in Redhat Quickstart Cloud Installer 0.9 /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | 9.8 |
| 2017-06-08 | CVE-2016-7050 | Deserialization of Untrusted Data vulnerability in Redhat products SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. | 9.8 |
| 2017-06-08 | CVE-2016-5416 | Information Exposure vulnerability in Redhat products 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. | 7.5 |
| 2017-06-08 | CVE-2016-5405 | Information Management Errors vulnerability in Redhat products 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. | 9.8 |
| 2017-06-08 | CVE-2016-4992 | Information Exposure vulnerability in Redhat products 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. | 7.5 |