Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-08 | CVE-2016-4992 | Information Exposure vulnerability in Redhat products 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. | 7.5 |
| 2017-06-08 | CVE-2016-3099 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Redhat products mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. | 7.5 |
| 2017-06-08 | CVE-2016-4471 | Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | 8.8 |
| 2017-06-08 | CVE-2016-4457 | Cryptographic Issues vulnerability in Redhat Cloudforms Management Engine 5.7 CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | 7.5 |
| 2017-06-08 | CVE-2016-3112 | Improper Access Control vulnerability in Pulpproject Pulp client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user. | 7.5 |
| 2017-06-08 | CVE-2016-3108 | Link Following vulnerability in Pulpproject Pulp The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. | 7.1 |
| 2017-06-08 | CVE-2016-3091 | Data Processing Errors vulnerability in Cloud Foundry Diego 0.1468.0/0.1469.0/0.1470.0 Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service. | 7.5 |
| 2017-06-08 | CVE-2014-3498 | Improper Input Validation vulnerability in Redhat Ansible The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. | 8.8 |
| 2017-06-08 | CVE-2017-9023 | Infinite Loop vulnerability in Strongswan The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. | 7.5 |
| 2017-06-08 | CVE-2017-9022 | Improper Input Validation vulnerability in multiple products The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. | 7.5 |