Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-07-06 CVE-2018-13405 Improper Privilege Management vulnerability in multiple products
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group.
7.8
2018-07-06 CVE-2017-2665 Insufficiently Protected Credentials vulnerability in multiple products
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user.
local
high complexity
mongodb redhat CWE-522
7.0
2018-07-05 CVE-2018-12910 Out-of-bounds Read vulnerability in multiple products
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
network
low complexity
gnome canonical debian redhat opensuse CWE-125
critical
9.8
2018-07-05 CVE-2018-10885 Improper Input Validation vulnerability in Redhat Openshift
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin.
network
low complexity
redhat CWE-20
7.5
2018-07-03 CVE-2018-1113 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat products
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells.
local
low complexity
redhat CWE-732
5.3
2018-07-03 CVE-2018-10855 Information Exposure Through Log Files vulnerability in multiple products
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks.
network
high complexity
redhat debian canonical CWE-532
5.9
2018-07-03 CVE-2017-2615 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen
critical
9.1
2018-07-02 CVE-2018-10843 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container.
network
low complexity
redhat CWE-732
8.8
2018-07-02 CVE-2018-8039 Improper Handling of Exceptional Conditions vulnerability in multiple products
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'.
network
high complexity
apache redhat CWE-755
8.1
2018-07-02 CVE-2018-10874 Unspecified vulnerability in Redhat products
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
local
low complexity
redhat
7.8