Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-02 | CVE-2018-10843 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. | 8.8 |
| 2018-07-02 | CVE-2018-8039 | Improper Handling of Exceptional Conditions vulnerability in multiple products It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. | 8.1 |
| 2018-07-02 | CVE-2018-10874 | Unspecified vulnerability in Redhat products In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | 7.8 |
| 2018-07-01 | CVE-2018-13033 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. | 5.5 |
| 2018-06-27 | CVE-2017-7465 | Unspecified vulnerability in Redhat Jboss Enterprise Application Platform 7.0.0 It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. | 9.8 |
| 2018-06-26 | CVE-2018-3760 | Information Exposure vulnerability in multiple products There is an information leak vulnerability in Sprockets. | 7.5 |
| 2018-06-26 | CVE-2018-1072 | Information Exposure Through Log Files vulnerability in multiple products ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. | 9.8 |
| 2018-06-26 | CVE-2018-1000544 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. | 9.8 |
| 2018-06-26 | CVE-2018-10852 | Information Exposure vulnerability in multiple products The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. | 7.5 |
| 2018-06-22 | CVE-2017-7466 | Improper Input Validation vulnerability in Redhat Ansible Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. | 8.0 |