Redhat: Security Vulnerabilities
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-03-31
Snoopy allows remote attackers to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.055
Published
2017-03-31
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
CVSS Score
9.8
EPSS Score
0.027
Published
2017-03-31
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-03-27
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
CVSS Score
7.5
EPSS Score
0.024
Published
2017-03-24
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-03-15
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CVSS Score
6.1
EPSS Score
0.014
Published
2017-03-15
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
CVSS Score
9.8
EPSS Score
0.137
Published
2017-03-13
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities
CVSS Score
3.3
EPSS Score
0.001
Published
2017-03-03
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-02-16