Vulnerabilities > Redhat > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-27 | CVE-2017-15275 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | 7.5 |
| 2017-11-27 | CVE-2017-15114 | Improper Certificate Validation vulnerability in Redhat Openstack Platform 12.0 When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. | 8.1 |
| 2017-11-13 | CVE-2016-8610 | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. | 7.5 |
| 2017-11-08 | CVE-2017-15087 | Unspecified vulnerability in Redhat Gluster Storage 3.3 It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | 7.5 |
| 2017-11-08 | CVE-2017-15086 | Unspecified vulnerability in Redhat Gluster Storage 3.3 It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | 7.4 |
| 2017-11-06 | CVE-2015-7529 | Link Following vulnerability in multiple products sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | 7.8 |
| 2017-10-31 | CVE-2017-1000256 | Improper Certificate Validation vulnerability in multiple products libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | 8.1 |
| 2017-10-27 | CVE-2017-5121 | Improper Input Validation vulnerability in multiple products Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. | 8.8 |
| 2017-10-27 | CVE-2017-5116 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5114 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | 8.8 |