Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-17 | CVE-2018-15473 | Race Condition vulnerability in multiple products OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 5.3 |
| 2018-08-17 | CVE-2018-10873 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. | 8.8 |
| 2018-08-16 | CVE-2016-9598 | Out-of-bounds Read vulnerability in multiple products libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. | 6.5 |
| 2018-08-16 | CVE-2016-9596 | Resource Exhaustion vulnerability in multiple products libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. | 6.5 |
| 2018-08-13 | CVE-2018-10864 | Unspecified vulnerability in Redhat Certification An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. | 6.2 |
| 2018-08-13 | CVE-2017-15138 | Information Exposure vulnerability in Redhat Openshift Container Platform 3.9 The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | 5.0 |
| 2018-08-09 | CVE-2018-10931 | It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. | 9.8 |
| 2018-08-09 | CVE-2018-10915 | SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. | 7.5 |
| 2018-08-09 | CVE-2018-10908 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. | 6.3 |
| 2018-08-06 | CVE-2018-5390 | Resource Exhaustion vulnerability in multiple products Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | 7.5 |