Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-06 | CVE-2018-13405 | Improper Privilege Management vulnerability in multiple products The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. | 7.8 |
| 2018-07-06 | CVE-2017-2665 | Insufficiently Protected Credentials vulnerability in multiple products The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. | 7.0 |
| 2018-07-05 | CVE-2018-12910 | Out-of-bounds Read vulnerability in multiple products The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. | 9.8 |
| 2018-07-05 | CVE-2018-10885 | Improper Input Validation vulnerability in Redhat Openshift In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. | 7.5 |
| 2018-07-03 | CVE-2018-1113 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat products setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. | 5.3 |
| 2018-07-03 | CVE-2018-10855 | Information Exposure Through Log Files vulnerability in multiple products Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. | 5.9 |
| 2018-07-03 | CVE-2017-2615 | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. | 9.1 |
| 2018-07-02 | CVE-2018-10843 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. | 8.8 |
| 2018-07-02 | CVE-2018-8039 | Improper Handling of Exceptional Conditions vulnerability in multiple products It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. | 8.1 |
| 2018-07-02 | CVE-2018-10874 | Unspecified vulnerability in Redhat products In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | 7.8 |