Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-05 CVE-2017-1000111 Out-of-bounds Write vulnerability in multiple products
Linux kernel: heap out-of-bounds in AF_PACKET sockets.
local
low complexity
linux redhat debian CWE-787
7.8
2017-10-04 CVE-2017-12149 Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict the classes for which it performs deserialization, thus allowing an attacker to execute arbitrary code via crafted serialized data.
network
low complexity
redhat CWE-502
7.5
2017-10-03 CVE-2017-14496 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
7.5
2017-10-03 CVE-2017-14495 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
network
low complexity
redhat debian canonical thekelleys CWE-772
7.5
2017-10-03 CVE-2017-13704 Improper Input Validation vulnerability in multiple products
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value.
7.5
2017-09-29 CVE-2017-7552 Unspecified vulnerability in Redhat Mobile Application Platform 4.4/4.4.3
A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created.
network
low complexity
redhat
7.5
2017-09-25 CVE-2015-5184 Unspecified vulnerability in Redhat AMQ and Jboss Enterprise web Server
Console: CORS headers set to allow all in Red Hat AMQ.
network
low complexity
redhat
7.5
2017-09-25 CVE-2015-5183 Unspecified vulnerability in Redhat Amq, Jboss A-Mq and Jboss Enterprise web Server
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
network
low complexity
redhat
7.5
2017-09-25 CVE-2015-5182 Cross-Site Request Forgery (CSRF) vulnerability in Redhat AMQ
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
network
low complexity
redhat CWE-352
8.8
2017-09-19 CVE-2014-8174 Information Exposure vulnerability in Redhat Edeploy
eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
network
low complexity
redhat CWE-200
7.5