Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-26 | CVE-2018-10237 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | 5.9 |
| 2018-04-26 | CVE-2016-9590 | Information Exposure vulnerability in multiple products puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). | 6.5 |
| 2018-04-25 | CVE-2018-10373 | NULL Pointer Dereference vulnerability in multiple products concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. | 6.5 |
| 2018-04-25 | CVE-2018-10372 | Out-of-bounds Read vulnerability in multiple products process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. | 5.5 |
| 2018-04-24 | CVE-2018-1059 | Information Exposure vulnerability in multiple products The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. | 6.1 |
| 2018-04-24 | CVE-2018-10322 | NULL Pointer Dereference vulnerability in multiple products The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. | 5.5 |
| 2018-04-23 | CVE-2018-1106 | Improper Authentication vulnerability in multiple products An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. | 5.5 |
| 2018-04-19 | CVE-2018-2819 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 6.5 |
| 2018-04-19 | CVE-2018-2817 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 6.5 |
| 2018-04-19 | CVE-2018-2815 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). | 5.3 |