Vulnerabilities > Redhat > Enterprise Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-26 | CVE-2017-7562 | Improper Certificate Validation vulnerability in multiple products An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. | 6.5 |
2018-07-25 | CVE-2018-1002200 | Path Traversal vulnerability in multiple products plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. | 5.5 |
2018-07-25 | CVE-2018-10880 | Out-of-bounds Write vulnerability in multiple products Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). | 5.5 |
2018-07-18 | CVE-2018-10877 | Out-of-bounds Read vulnerability in multiple products Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. | 6.5 |
2018-07-16 | CVE-2018-10840 | Heap-based Buffer Overflow vulnerability in multiple products Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. | 6.6 |
2018-07-10 | CVE-2018-3693 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. | 4.7 |
2018-07-10 | CVE-2018-10872 | Execution with Unnecessary Privileges vulnerability in Redhat products A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. | 5.5 |
2018-07-10 | CVE-2018-1128 | Improper Authentication vulnerability in multiple products It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. | 5.4 |
2018-07-06 | CVE-2018-10892 | Execution with Unnecessary Privileges vulnerability in multiple products The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. | 5.3 |
2018-07-03 | CVE-2018-1113 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat products setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. | 4.6 |