Vulnerabilities > Redhat > Enterprise Linux Server > Low

DATE CVE VULNERABILITY TITLE RISK
2018-03-06 CVE-2018-5730 LDAP Injection vulnerability in multiple products
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
network
low complexity
mit fedoraproject debian redhat CWE-90
3.8
2018-01-26 CVE-2018-5750 Information Exposure vulnerability in Linux Kernel
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
local
low complexity
linux debian canonical redhat CWE-200
2.1
2018-01-23 CVE-2018-5683 Out-of-bounds Read vulnerability in multiple products
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
local
low complexity
qemu debian redhat canonical CWE-125
2.1
2018-01-18 CVE-2018-2579 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). 3.7
2017-10-27 CVE-2017-5081 Improper Input Validation vulnerability in multiple products
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
local
low complexity
google debian redhat CWE-20
3.3
2017-10-26 CVE-2017-12158 Cross-site Scripting vulnerability in multiple products
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations.
3.5
2017-10-19 CVE-2017-10345 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization).
network
high complexity
oracle debian redhat netapp
2.6
2017-10-17 CVE-2017-13078 Use of Insufficiently Random Values vulnerability in multiple products
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
2.9
2017-10-17 CVE-2017-13079 Use of Insufficiently Random Values vulnerability in multiple products
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
2.9
2017-10-17 CVE-2017-13080 Use of Insufficiently Random Values vulnerability in multiple products
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
2.9