Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2016-6312 | Resource Exhaustion vulnerability in Redhat Enterprise Linux 5.11 The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). | 6.5 |
| 2017-07-17 | CVE-2016-0764 | Race Condition vulnerability in Redhat Networkmanager Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | 6.2 |
| 2017-06-26 | CVE-2015-3142 | Information Exposure vulnerability in Redhat Automatic BUG Reporting Tool The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application. | 4.7 |
| 2017-06-26 | CVE-2015-1870 | Information Exposure vulnerability in Redhat Automatic BUG Reporting Tool The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors. | 5.5 |
| 2017-06-22 | CVE-2017-9775 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | 6.5 |
| 2017-06-06 | CVE-2017-9461 | Infinite Loop vulnerability in multiple products smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | 6.5 |
| 2017-06-06 | CVE-2016-3077 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redhat Ovirt-Engine The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. | 6.5 |
| 2017-05-29 | CVE-2017-9287 | Double Free vulnerability in multiple products servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. | 6.5 |
| 2017-05-23 | CVE-2017-8379 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. | 6.5 |
| 2017-04-24 | CVE-2017-5046 | V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure. | 4.3 |