Vulnerabilities > Redhat

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-22	CVE-2018-10884	Cross-Site Request Forgery (CSRF) vulnerability in Redhat Ansible Tower Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. network low complexity redhat CWE-352	8.8
2018-08-22	CVE-2018-10846	A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. local high complexity gnu redhat canonical fedoraproject debian	5.6
2018-08-22	CVE-2018-10845	It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian	5.9
2018-08-22	CVE-2018-10844	It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian	5.9
2018-08-21	CVE-2018-10902	It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. local low complexity debian canonical linux redhat	7.8
2018-08-21	CVE-2018-12115	Out-of-bounds Write vulnerability in multiple products In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. network low complexity nodejs redhat CWE-787	7.5
2018-08-20	CVE-2018-1656	Path Traversal vulnerability in multiple products The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. network low complexity ibm redhat oracle CWE-22	6.5
2018-08-20	CVE-2018-1517	Improper Input Validation vulnerability in multiple products A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. network low complexity ibm redhat CWE-20	7.5
2018-08-20	CVE-2015-5160	Information Exposure vulnerability in multiple products libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. local low complexity libvirt redhat CWE-200	5.5
2018-08-20	CVE-2018-1000632	XML Injection (aka Blind XPath Injection) vulnerability in multiple products dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. network low complexity dom4j-project debian oracle redhat netapp CWE-91	7.5

Vulnerabilities > Redhat {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Redhat"}]}

Vulnerabilities > Redhat