Vulnerabilities > Redhat > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-12-01 CVE-2017-11281 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function.
network
low complexity
adobe redhat CWE-119
critical
9.8
2017-11-27 CVE-2017-14746 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
network
low complexity
samba redhat debian canonical CWE-416
critical
9.8
2017-11-21 CVE-2017-7550 Unspecified vulnerability in Redhat Ansible and Enterprise Linux Server
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module.
network
low complexity
redhat
critical
9.8
2017-11-09 CVE-2015-7501 Deserialization of Untrusted Data vulnerability in Redhat products
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
redhat CWE-502
critical
9.8
2017-10-27 CVE-2017-5053 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
network
low complexity
google redhat CWE-125
critical
9.6
2017-10-19 CVE-2017-10346 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
network
low complexity
oracle redhat netapp debian
critical
9.6
2017-10-19 CVE-2017-10285 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
low complexity
oracle debian redhat netapp
critical
9.6
2017-10-18 CVE-2015-5740 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
network
low complexity
golang fedoraproject redhat CWE-444
critical
9.8
2017-10-18 CVE-2015-5739 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
network
low complexity
golang fedoraproject redhat CWE-444
critical
9.8
2017-10-16 CVE-2014-3702 Path Traversal vulnerability in Redhat Edeploy
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a ..
network
low complexity
redhat CWE-22
critical
9.1