Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-08-22 CVE-2018-10858 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing.
network
low complexity
debian canonical samba redhat CWE-119
8.8
8.8
2018-08-22 CVE-2017-2627 Path Traversal vulnerability in multiple products
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11.
local
low complexity
redhat openstack CWE-22
8.2
8.2
2018-08-22 CVE-2017-7528 CRLF Injection vulnerability in Redhat Ansible Tower and Cloudforms Management Engine
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection.
low complexity
redhat CWE-93
6.5
6.5
2018-08-22 CVE-2017-7513 Improper Certificate Validation vulnerability in Redhat Satellite
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields.
network
low complexity
redhat CWE-295
5.4
5.4
2018-08-22 CVE-2018-1139 Insufficiently Protected Credentials vulnerability in multiple products
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled.
network
high complexity
samba redhat canonical CWE-522
8.1
8.1
2018-08-22 CVE-2018-10884 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Ansible Tower
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py.
network
low complexity
redhat CWE-352
8.8
8.8
2018-08-22 CVE-2018-10846 A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found.
local
high complexity
gnu redhat canonical fedoraproject debian
5.6
5.6
2018-08-22 CVE-2018-10845 It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian
5.9
5.9
2018-08-22 CVE-2018-10844 It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian
5.9
5.9
2018-08-21 CVE-2018-10902 It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file.
local
low complexity
debian canonical linux redhat
7.8
7.8