The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of RHEL

QEMU: memory corruption via Firmware Configuration
A local privileged attacker in a guest system can trigger memory corruption in the Firmware Configuration implementation of QEMU, in order to cause a denial of service, and possibly to run code on the host system...
CVE-2016-1714, DSA-3469-1, DSA-3470-1, DSA-3471-1, FEDORA-2016-38b20aa50f, FEDORA-2016-f4504e9445, openSUSE-SU-2016:0914-1, openSUSE-SU-2016:0995-1, openSUSE-SU-2016:1750-1, openSUSE-SU-2016:2494-1, RHSA-2016:0082-01, RHSA-2016:0083-01, RHSA-2016:0085-01, RHSA-2016:0086-01, RHSA-2016:0087-01, RHSA-2016:0088-01, SOL75248350, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1154-1, SUSE-SU-2016:1318-1, SUSE-SU-2016:1560-1, SUSE-SU-2016:1698-1, SUSE-SU-2016:1703-1, SUSE-SU-2016:1745-1, SUSE-SU-2016:1785-1, USN-2891-1, VIGILANCE-VUL-18683
Linux kernel: denial of service via sctp_accept
A local attacker can cause a deadlock via sctp_accept() in the Linux kernel, in order to trigger a denial of service...
CERTFR-2016-AVI-073, CERTFR-2016-AVI-082, CERTFR-2016-AVI-099, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CERTFR-2016-AVI-159, CERTFR-2016-AVI-275, CERTFR-2016-AVI-315, CVE-2015-8767, DSA-3448-1, DSA-3503-1, FEDORA-2016-5d43766e33, JSA10853, openSUSE-SU-2016:0280-1, openSUSE-SU-2016:0301-1, openSUSE-SU-2016:0318-1, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2649-1, RHSA-2016:0715-01, RHSA-2016:1277-01, RHSA-2016:1301-01, RHSA-2016:1341-01, SUSE-SU-2016:0585-1, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:2074-1, USN-2930-1, USN-2930-2, USN-2930-3, USN-2931-1, USN-2932-1, USN-2967-1, USN-2967-2, USN-3083-1, USN-3083-2, VIGILANCE-VUL-18678
QEMU: use after free via AHCI NCQ
An attacker in a guest system can force the use of a freed memory area with AHCI NCQ on QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
CVE-2016-1568, DSA-3469-1, DSA-3470-1, DSA-3471-1, FEDORA-2016-42778e8c82, openSUSE-SU-2016:0914-1, openSUSE-SU-2016:0995-1, openSUSE-SU-2016:1750-1, RHSA-2016:0086-01, RHSA-2016:0087-01, RHSA-2016:0088-01, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1318-1, SUSE-SU-2016:1560-1, SUSE-SU-2016:1698-1, SUSE-SU-2016:1703-1, SUSE-SU-2016:1745-1, SUSE-SU-2016:1785-1, USN-2891-1, VIGILANCE-VUL-18675
OpenStack Compute/Nova: privilege escalation via Instance Snapshot
An attacker can bypass restrictions in Instance Snapshot of OpenStack Compute/Nova, in order to escalate their privileges...
CVE-2015-7548, RHSA-2016:0017-01, RHSA-2016:0018-01, USN-3449-1, VIGILANCE-VUL-18670
Mozilla NSS, OpenSSL, Oracle Java: MD5 allowed in TLS 1.2
An attacker can create an MD5 collision in a TLS 1.2 session of Mozilla NSS, OpenSSL or Oracle Java, in order to capture data belonging to this session...
000008896, 1974958, 1975290, 1975424, 1976113, 1976148, 1976200, 1976262, 1976362, 1976363, 1977405, 1977517, 1977518, 1977523, 9010065, cpujan2016, cpuoct2017, CVE-2015-7575, DSA-3436-1, DSA-3457-1, DSA-3465-1, DSA-3491-1, DSA-3688-1, FEDORA-2016-4aeba0f53d, MFSA-2015-150, NTAP-20160225-0001, NTAP20160225-001, openSUSE-SU-2015:2405-1, openSUSE-SU-2016:0007-1, openSUSE-SU-2016:0161-1, openSUSE-SU-2016:0162-1, openSUSE-SU-2016:0263-1, openSUSE-SU-2016:0268-1, openSUSE-SU-2016:0270-1, openSUSE-SU-2016:0272-1, openSUSE-SU-2016:0279-1, openSUSE-SU-2016:0307-1, openSUSE-SU-2016:0308-1, openSUSE-SU-2016:0488-1, RHSA-2016:0007-01, RHSA-2016:0008-01, RHSA-2016:0049-01, RHSA-2016:0050-01, RHSA-2016:0053-01, RHSA-2016:0054-01, RHSA-2016:0055-01, RHSA-2016:0056-01, RHSA-2016:0098-01, RHSA-2016:0099-01, RHSA-2016:0100-01, RHSA-2016:0101-01, SA108, SLOTH, SUSE-SU-2016:0256-1, SUSE-SU-2016:0265-1, SUSE-SU-2016:0269-1, SUSE-SU-2016:0390-1, SUSE-SU-2016:0399-1, SUSE-SU-2016:0401-1, SUSE-SU-2016:0428-1, SUSE-SU-2016:0431-1, SUSE-SU-2016:0433-1, SUSE-SU-2016:0770-1, SUSE-SU-2016:0776-1, USN-2863-1, USN-2864-1, USN-2866-1, USN-2884-1, USN-2904-1, VIGILANCE-VUL-18586
OpenStack Compute/Nova: privilege escalation via Group Update
An attacker can bypass restrictions in Group Update of OpenStack Compute/Nova, in order to escalate their privileges...
CVE-2015-7713, RHSA-2016:0013-01, RHSA-2016:0017-01, USN-3449-1, VIGILANCE-VUL-18657
PHP: six vulnerabilities
An attacker can use several vulnerabilities in PHP...
70661, 70728, 70741, 70755, 70976, 71270, CERTFR-2016-AVI-023, CVE-2016-1903, CVE-2016-1904, CVE-2016-5114, DLA-628-1, FEDORA-2016-5207e0c1a1, FEDORA-2016-558167a417, openSUSE-SU-2016:0251-1, openSUSE-SU-2016:0366-1, openSUSE-SU-2016:1553-1, RHSA-2016:2750-01, SSA:2016-034-04, SUSE-SU-2016:1581-1, USN-2952-1, USN-2952-2, USN-3045-1, VIGILANCE-VUL-18653
Linux kernel: NULL pointer dereference via nfs_v4_2_minor_ops
An attacker can force a NULL pointer to be dereferenced in nfs_v4_2_minor_ops of the Linux kernel, in order to trigger a denial of service...
CVE-2015-8746, RHSA-2016:2574-02, RHSA-2016:2584-02, VIGILANCE-VUL-18641
Ruby: bypassing $SAFE via Fiddle-Handle.new
The Ruby Fiddle::Handle.new() function allows a tainted file to be opened, which bypasses the protection of the $SAFE mode...
CVE-2015-7551, FEDORA-2015-c4409eb73a, FEDORA-2015-eef21b972e, openSUSE-SU-2017:0933-1, openSUSE-SU-2017:1128-1, RHSA-2018:0583-01, SUSE-SU-2017:1067-1, USN-3365-1, VIGILANCE-VUL-18613
Ruby: bypassing $SAFE via DL-dlopen
The Ruby DL::dlopen() function allows a tainted file to be opened, which bypasses the protection of the $SAFE mode...
CVE-2009-5147, FEDORA-2015-c4409eb73a, FEDORA-2015-eef21b972e, RHSA-2018:0583-01, USN-3365-1, VIGILANCE-VUL-18612