Vulnerabilities > Redhat > Enterprise Linux Desktop > Medium

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2018-07-27 | CVE-2017-2626 | It was discovered that libICE before 1.0.9-8 used weak entropy to generate keys. | local | low | freedesktop, redhat | | 5.5 |
| 2018-07-27 | CVE-2017-2618 | A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. | local | low | linux, redhat, debian | | 5.5 |
| 2018-07-27 | CVE-2017-2616 | Race Condition vulnerability in multiple products: A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. | local | high | util-linux-project, redhat, debian | CWE-362 | 4.7 |
| 2018-07-27 | CVE-2017-2625 | It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. | local | low | x-org, redhat | | 5.5 |
| 2018-07-26 | CVE-2017-18344 | Out-of-bounds Read vulnerability in multiple products: The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). | local | low | linux, canonical, redhat | CWE-125 | 5.5 |
| 2018-07-26 | CVE-2018-10881 | A flaw was found in the Linux kernel's ext4 filesystem. | local | low | debian, canonical, linux, redhat | | 5.5 |
| 2018-07-26 | CVE-2017-12171 | A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. | network | low | redhat, apache | | 6.5 |
| 2018-07-26 | CVE-2017-7562 | An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. | network | low | redhat, mit | | 6.5 |
| 2018-07-25 | CVE-2018-13988 | Out-of-bounds Read vulnerability in multiple products: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. | network | low | freedesktop, canonical, debian, redhat | CWE-125 | 6.5 |
| 2018-07-25 | CVE-2018-1002200 | Path Traversal vulnerability in multiple products: plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. | local | low | codehaus-plexus, redhat, debian | CWE-22 | 5.5 |