Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-07-02 CVE-2018-10874 Unspecified vulnerability in Redhat products
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
local
low complexity
redhat
7.8
2018-07-01 CVE-2018-13033 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c.
local
low complexity
gnu redhat CWE-770
5.5
2018-06-27 CVE-2017-7465 Unspecified vulnerability in Redhat Jboss Enterprise Application Platform 7.0.0
It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection.
network
low complexity
redhat
critical
9.8
2018-06-26 CVE-2018-3760 Information Exposure vulnerability in multiple products
There is an information leak vulnerability in Sprockets.
network
low complexity
redhat sprockets-project debian CWE-200
7.5
2018-06-26 CVE-2018-1072 Information Exposure Through Log Files vulnerability in multiple products
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files.
network
low complexity
ovirt redhat CWE-532
critical
9.8
2018-06-26 CVE-2018-1000544 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem.
network
low complexity
rubyzip-project debian redhat CWE-434
critical
9.8
2018-06-26 CVE-2018-10852 Information Exposure vulnerability in multiple products
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.
network
low complexity
debian fedoraproject redhat CWE-200
7.5
2018-06-22 CVE-2017-7466 Improper Input Validation vulnerability in Redhat Ansible
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems.
network
low complexity
redhat CWE-20
8.0
2018-06-22 CVE-2017-2668 NULL Pointer Dereference vulnerability in multiple products
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled.
network
low complexity
fedoraproject redhat CWE-476
6.5
2018-06-21 CVE-2018-3665 Information Exposure vulnerability in multiple products
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
5.6