Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-26 | CVE-2011-2767 | Code Injection vulnerability in multiple products mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | 9.8 |
| 2018-08-24 | CVE-2018-14599 | Off-by-one Error vulnerability in multiple products An issue was discovered in libX11 through 1.6.5. | 9.8 |
| 2018-08-22 | CVE-2017-2635 | NULL Pointer Dereference vulnerability in Redhat Libvirt 2.5.0/3.0.0 A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. | 6.5 |
| 2018-08-22 | CVE-2018-10858 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. | 8.8 |
| 2018-08-22 | CVE-2017-2627 | Path Traversal vulnerability in multiple products A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. | 8.2 |
| 2018-08-22 | CVE-2017-7528 | CRLF Injection vulnerability in Redhat Ansible Tower and Cloudforms Management Engine Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. | 6.5 |
| 2018-08-22 | CVE-2017-7513 | Improper Certificate Validation vulnerability in Redhat Satellite It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. | 5.4 |
| 2018-08-22 | CVE-2018-1139 | Insufficiently Protected Credentials vulnerability in multiple products A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. | 8.1 |
| 2018-08-22 | CVE-2018-10884 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Ansible Tower Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. | 8.8 |
| 2018-08-22 | CVE-2018-10846 | A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. | 5.6 |