Vulnerabilities > Redhat > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-19 | CVE-2017-1000366 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. | 7.8 |
2017-06-08 | CVE-2016-5416 | Information Exposure vulnerability in Redhat products: 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. | 7.5 |
2017-06-08 | CVE-2016-4992 | Information Exposure vulnerability in Redhat products: 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. | 7.5 |
2017-06-08 | CVE-2016-3099 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Redhat products: mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. | 7.5 |
2017-06-08 | CVE-2016-4471 | Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms: ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | 8.8 |
2017-06-08 | CVE-2016-4457 | Cryptographic Issues vulnerability in Redhat Cloudforms Management Engine 5.7: CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | 7.5 |
2017-06-08 | CVE-2014-3498 | Improper Input Validation vulnerability in Redhat Ansible: The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. | 8.8 |
2017-06-07 | CVE-2015-6240 | Link Following vulnerability in Redhat Ansible: The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. | 7.8 |
2017-06-06 | CVE-2017-9462 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products: In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | 8.8 |
2017-05-23 | CVE-2017-8309 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products: Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | 7.5 |