Vulnerabilities > Redhat > Enterprise Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-10 CVE-2016-7056 A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
local
low complexity
openssl debian redhat canonical
5.5
5.5
2018-09-05 CVE-2018-16542 Out-of-bounds Write vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
local
low complexity
artifex redhat debian canonical CWE-787
5.5
5.5
2018-09-04 CVE-2018-10930 A flaw was found in RPC request using gfs3_rename_req in glusterfs server.
network
low complexity
gluster redhat debian opensuse
6.5
6.5
2018-08-20 CVE-2015-5160 Information Exposure vulnerability in multiple products
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
local
low complexity
libvirt redhat CWE-200
5.5
5.5
2018-07-30 CVE-2018-10883 A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
debian linux canonical redhat
5.5
5.5
2018-07-27 CVE-2017-2618 A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10.
local
low complexity
linux redhat debian
5.5
5.5
2018-07-27 CVE-2018-10882 A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
linux debian canonical redhat
5.5
5.5
2018-07-27 CVE-2017-2625 It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys.
local
low complexity
x-org redhat
5.5
5.5
2018-07-27 CVE-2017-2623 Improper Certificate Validation vulnerability in multiple products
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering.
network
high complexity
rpm-ostree redhat CWE-295
5.3
5.3
2018-07-26 CVE-2017-12171 A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly.
network
low complexity
redhat apache
6.5
6.5