Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-14 | CVE-2018-16888 | Improper Privilege Management vulnerability in multiple products It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. | 4.7 |
| 2019-01-14 | CVE-2018-16886 | Improper Authentication vulnerability in multiple products etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. | 8.1 |
| 2019-01-13 | CVE-2018-16887 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) flaw was found in the katello component of Satellite. | 3.5 |
| 2019-01-12 | CVE-2018-20699 | Resource Exhaustion vulnerability in multiple products Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | 4.0 |
| 2019-01-11 | CVE-2018-16865 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. | 7.8 |
| 2019-01-11 | CVE-2018-16864 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. | 7.8 |
| 2019-01-11 | CVE-2018-16866 | Out-of-bounds Read vulnerability in multiple products An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. | 3.3 |
| 2019-01-11 | CVE-2019-6133 | Race Condition vulnerability in multiple products In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. | 4.4 |
| 2019-01-10 | CVE-2018-20685 | Incorrect Authorization vulnerability in multiple products In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . | 5.3 |
| 2019-01-10 | CVE-2017-1002157 | Improper Input Validation vulnerability in Redhat Modulemd modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. | 9.8 |