Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-2624 Information Exposure vulnerability in multiple products
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies.
local
high complexity
x-org debian CWE-200
7.0
7.0
2018-07-27 CVE-2017-2590 Permission Issues vulnerability in multiple products
A vulnerability was found in ipa before 4.4.
network
low complexity
freeipa redhat CWE-275
8.1
8.1
2018-07-27 CVE-2017-2581 Out-of-bounds Write vulnerability in Netpbm Project Netpbm
An out-of-bounds write vulnerability was found in netpbm before 10.61.
local
low complexity
netpbm-project CWE-787
7.8
7.8
2018-07-27 CVE-2017-2580 Out-of-bounds Write vulnerability in Netpbm Project Netpbm 10.61.00
An out-of-bounds write vulnerability was found in netpbm before 10.61.
local
low complexity
netpbm-project CWE-787
7.8
7.8
2018-07-27 CVE-2017-2579 Out-of-bounds Read vulnerability in Netpbm Project Netpbm 10.61.00
An out-of-bounds read vulnerability was found in netpbm before 10.61.
local
low complexity
netpbm-project CWE-125
7.8
7.8
2018-07-27 CVE-2017-15119 Resource Exhaustion vulnerability in multiple products
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue.
network
low complexity
qemu canonical debian redhat CWE-400
8.6
8.6
2018-07-27 CVE-2017-12173 Improper Input Validation vulnerability in multiple products
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection.
network
low complexity
redhat fedoraproject CWE-20
8.8
8.8
2018-07-27 CVE-2017-12148 Improper Input Validation vulnerability in Redhat Ansible Tower and Cloudforms
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories.
network
low complexity
redhat CWE-20
7.2
7.2
2018-07-27 CVE-2017-2670 Infinite Loop vulnerability in multiple products
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
network
low complexity
redhat debian CWE-835
7.5
7.5
2018-07-27 CVE-2017-15120 NULL Pointer Dereference vulnerability in multiple products
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN.
network
low complexity
powerdns debian CWE-476
7.5
7.5