Vulnerabilities > Redhat > Enterprise Linux Server

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-14649 Unspecified vulnerability in Redhat products
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode.
network
low complexity
redhat
critical
 9.8
9.8
2018-10-08 CVE-2018-1000808 Improper Resource Shutdown or Release vulnerability in multiple products
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted.
network
high complexity
pyopenssl-project canonical redhat CWE-404
5.9
5.9
2018-10-08 CVE-2018-1000807 Use After Free vulnerability in multiple products
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution..
network
high complexity
pyopenssl canonical redhat CWE-416
8.1
8.1
2018-10-08 CVE-2018-1000805 Incorrect Authorization vulnerability in multiple products
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE.
network
low complexity
paramiko redhat debian canonical CWE-863
8.8
8.8
2018-10-06 CVE-2018-17456 Argument Injection or Modification vulnerability in multiple products
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
network
low complexity
git-scm redhat canonical debian CWE-88
critical
 9.8
9.8
2018-10-04 CVE-2018-11784 Open Redirect vulnerability in multiple products
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g.
network
low complexity
apache debian canonical netapp redhat oracle CWE-601
4.3
4.3
2018-10-03 CVE-2018-17972 Race Condition vulnerability in multiple products
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11.
local
low complexity
linux canonical redhat debian CWE-362
5.5
5.5
2018-09-28 CVE-2018-17581 Resource Exhaustion vulnerability in multiple products
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
network
low complexity
exiv2 debian canonical redhat CWE-400
6.5
6.5
2018-09-27 CVE-2018-14650 It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user.
local
low complexity
sos-collector-project redhat
5.0
5.0
2018-09-25 CVE-2018-14634 An integer overflow flaw was found in the Linux kernel's create_elf_tables() function.
local
low complexity
linux redhat canonical netapp
7.8
7.8