Vulnerabilities > Redhat > Enterprise Linux Server EUS > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-2616 Race Condition vulnerability in multiple products
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes.
local
high complexity
util-linux-project redhat debian CWE-362
4.7
2018-07-27 CVE-2017-2625 It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys.
local
low complexity
x-org redhat
5.5
2018-07-26 CVE-2017-18344 Out-of-bounds Read vulnerability in multiple products
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read).
local
low complexity
linux canonical redhat CWE-125
5.5
2018-07-10 CVE-2018-3693 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. 5.6
2018-06-13 CVE-2018-10850 Race Condition vulnerability in multiple products
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load.
network
high complexity
fedoraproject redhat debian CWE-362
5.9
2018-06-11 CVE-2018-5185 Missing Encryption of Sensitive Data vulnerability in multiple products
Plaintext of decrypted emails can leak through by user submitting an embedded form.
network
low complexity
redhat debian canonical mozilla CWE-311
6.5
2018-06-11 CVE-2018-5170 Improper Input Validation vulnerability in multiple products
It is possible to spoof the filename of an attachment and display an arbitrary attachment name.
network
low complexity
redhat mozilla debian canonical CWE-20
4.3
2018-06-11 CVE-2018-5168 Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element.
network
low complexity
debian mozilla canonical redhat
5.3
2018-06-11 CVE-2018-5161 Improper Input Validation vulnerability in multiple products
Crafted message headers can cause a Thunderbird process to hang on receiving the message.
network
low complexity
redhat debian canonical mozilla CWE-20
4.3
2018-06-11 CVE-2018-5131 Information Exposure vulnerability in multiple products
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should.
network
high complexity
debian mozilla redhat canonical CWE-200
5.9