Vulnerabilities > Redhat > Enterprise Linux > 7.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-18 | CVE-2018-12374 | Information Exposure vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. | 4.3 |
| 2018-10-18 | CVE-2018-12373 | Information Exposure vulnerability in multiple products dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. | 6.5 |
| 2018-10-18 | CVE-2018-12372 | Information Exposure vulnerability in multiple products Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. | 6.5 |
| 2018-10-06 | CVE-2018-17456 | Argument Injection or Modification vulnerability in multiple products Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. | 9.8 |
| 2018-09-25 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. | 5.9 |
| 2018-09-21 | CVE-2018-14645 | Out-of-bounds Read vulnerability in multiple products A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. | 7.5 |
| 2018-09-05 | CVE-2018-14618 | Integer Overflow or Wraparound vulnerability in multiple products curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. | 9.8 |
| 2018-08-26 | CVE-2011-2767 | Code Injection vulnerability in multiple products mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | 9.8 |
| 2018-07-25 | CVE-2018-1002200 | Path Traversal vulnerability in multiple products plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. | 5.5 |
| 2018-06-26 | CVE-2018-3760 | Information Exposure vulnerability in multiple products There is an information leak vulnerability in Sprockets. | 7.5 |