Vulnerabilities > Redhat > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-31 | CVE-2016-8628 | Command Injection vulnerability in Redhat Ansible. Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. | 9.1 |
2018-07-27 | CVE-2017-15118 | Out-of-bounds Write vulnerability in multiple products. A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. | 9.8 |
2018-07-27 | CVE-2016-9603 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. | 9.9 |
2018-07-27 | CVE-2017-15101 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. | 9.8 |
2018-07-27 | CVE-2017-2620 | Out-of-bounds Write vulnerability in multiple products. Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. | 9.9 |
2018-07-27 | CVE-2017-2640 | Out-of-bounds Write vulnerability in multiple products. An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. | 9.8 |
2018-07-27 | CVE-2017-7470 | Incorrect Authorization vulnerability in Redhat Satellite and Spacewalk. It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py. | 9.8 |
2018-07-27 | CVE-2017-7464 | XXE vulnerability in Redhat Jboss Enterprise Application Platform 7.0. It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. | 9.8 |
2018-07-26 | CVE-2017-2589 | It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. | 9.0 |
2018-07-26 | CVE-2017-2637 | Missing Authentication for Critical Function vulnerability in Redhat Openstack. A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. | 10.0 |