Vulnerabilities > Redhat > Enterprise Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-18 CVE-2017-12197 Improper Input Validation vulnerability in multiple products
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating.
network
low complexity
libpam4j-project redhat debian CWE-20
6.5
2018-01-14 CVE-2017-15128 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12.
local
low complexity
linux redhat CWE-119
5.5
2018-01-14 CVE-2017-15127 A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.
local
low complexity
linux redhat
5.5
2018-01-09 CVE-2017-15129 Race Condition vulnerability in multiple products
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11.
local
high complexity
linux fedoraproject canonical redhat CWE-362
4.7
2018-01-08 CVE-2014-1859 Link Following vulnerability in multiple products
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
local
low complexity
numpy redhat fedoraproject CWE-59
5.5
2017-12-29 CVE-2016-3695 Injection vulnerability in multiple products
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
local
low complexity
linux redhat CWE-74
5.5
2017-12-07 CVE-2017-15121 Unspecified vulnerability in Redhat products
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
local
low complexity
redhat
5.5
2017-11-30 CVE-2017-15116 NULL Pointer Dereference vulnerability in multiple products
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
local
low complexity
linux redhat CWE-476
5.5
2017-11-15 CVE-2017-15102 NULL Pointer Dereference vulnerability in multiple products
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
high complexity
linux redhat canonical CWE-476
6.3
2017-09-19 CVE-2015-7837 7PK - Security Features vulnerability in Redhat products
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
local
low complexity
redhat CWE-254
5.5