Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2017-04-06 CVE-2016-8735 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports.
network
low complexity
apache canonical netapp debian redhat oracle
critical
 9.8
9.8
2017-03-31 CVE-2014-5009 Command Injection vulnerability in multiple products
Snoopy allows remote attackers to execute arbitrary commands.
network
low complexity
snoopy redhat nagios CWE-77
critical
 9.8
9.8
2017-03-31 CVE-2014-5008 Command Injection vulnerability in multiple products
Snoopy allows remote attackers to execute arbitrary commands.
network
low complexity
snoopy redhat debian CWE-77
critical
 9.8
9.8
2017-03-31 CVE-2008-7313 Command Injection vulnerability in multiple products
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands.
network
low complexity
snoopy redhat nagios CWE-77
critical
 9.8
9.8
2017-03-27 CVE-2017-5973 Infinite Loop vulnerability in multiple products
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
local
low complexity
qemu debian redhat CWE-835
5.5
5.5
2017-03-24 CVE-2016-7797 7PK - Security Features vulnerability in multiple products
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. 		7.5
7.5
2017-03-15 CVE-2015-8896 Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
network
low complexity
imagemagick oracle redhat
6.5
6.5
2017-03-15 CVE-2016-7103 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. 		6.1
6.1
2017-03-13 CVE-2017-5929 Deserialization of Untrusted Data vulnerability in multiple products
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
network
low complexity
qos redhat CWE-502
critical
 9.8
9.8
2017-03-03 CVE-2015-2877 Information Exposure vulnerability in multiple products
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack.
local
low complexity
linux redhat CWE-200
3.3
3.3