Vulnerabilities > Redhat > Enterprise Linux > 6.0

DATE CVE VULNERABILITY TITLE RISK
2018-10-31 CVE-2018-14651 It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete.
network
low complexity
debian redhat gluster
8.8
8.8
2018-10-19 CVE-2018-18438 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
local
low complexity
qemu redhat CWE-190
5.5
5.5
2018-10-18 CVE-2018-12374 Information Exposure vulnerability in multiple products
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field.
network
low complexity
mozilla redhat debian canonical CWE-200
4.3
4.3
2018-10-18 CVE-2018-12373 Information Exposure vulnerability in multiple products
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward.
network
low complexity
mozilla redhat debian canonical CWE-200
6.5
6.5
2018-10-18 CVE-2018-12372 Information Exposure vulnerability in multiple products
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward.
network
low complexity
mozilla redhat debian canonical CWE-200
6.5
6.5
2018-10-06 CVE-2018-17456 Argument Injection or Modification vulnerability in multiple products
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
network
low complexity
git-scm redhat canonical debian CWE-88
critical
 9.8
9.8
2018-09-25 CVE-2018-11763 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect.
network
high complexity
apache canonical redhat oracle netapp
5.9
5.9
2018-09-10 CVE-2016-7056 A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
local
low complexity
openssl debian redhat canonical
5.5
5.5
2018-09-05 CVE-2018-14618 Integer Overflow or Wraparound vulnerability in multiple products
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code.
network
low complexity
haxx canonical debian redhat CWE-190
critical
 9.8
9.8
2018-09-04 CVE-2018-10930 A flaw was found in RPC request using gfs3_rename_req in glusterfs server.
network
low complexity
gluster redhat debian opensuse
6.5
6.5