Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-16 | CVE-2016-4123 | Out-of-bounds Write vulnerability in multiple products Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 8.8 |
| 2016-06-16 | CVE-2016-4122 | Out-of-bounds Write vulnerability in multiple products Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 8.8 |
| 2016-06-13 | CVE-2016-3698 | Improper Access Control vulnerability in multiple products libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network. | 8.1 |
| 2016-06-13 | CVE-2016-2818 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 8.8 |
| 2016-06-09 | CVE-2016-4448 | Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | 9.8 |
| 2016-06-09 | CVE-2016-2150 | Improper Access Control vulnerability in multiple products SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. | 7.1 |
| 2016-06-09 | CVE-2016-0749 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. | 9.8 |
| 2016-06-08 | CVE-2016-3738 | Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift 3.2 Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod. | 8.8 |
| 2016-06-08 | CVE-2016-3711 | Information Exposure vulnerability in Redhat Openshift and Openshift Origin HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. | 3.3 |
| 2016-06-08 | CVE-2016-3708 | Improper Access Control vulnerability in Redhat Openshift 3.2 Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary. | 7.1 |