Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-06-22 CVE-2017-7466 Improper Input Validation vulnerability in Redhat Ansible
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems.
network
low complexity
redhat CWE-20
8.0
2018-06-22 CVE-2017-2668 NULL Pointer Dereference vulnerability in multiple products
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled.
network
low complexity
fedoraproject redhat CWE-476
6.5
2018-06-21 CVE-2018-3665 Information Exposure vulnerability in multiple products
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
5.6
2018-06-21 CVE-2017-2672 Improper Privilege Management vulnerability in multiple products
A flaw was found in foreman before version 1.15 in the logging of adding and registering images.
network
low complexity
theforeman redhat CWE-269
8.8
2018-06-20 CVE-2018-1120 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found affecting the Linux kernel before version 4.17.
network
high complexity
linux redhat debian canonical CWE-119
5.3
2018-06-20 CVE-2018-1117 ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log.
network
low complexity
ovirt redhat
critical
9.8
2018-06-19 CVE-2018-1073 Information Exposure vulnerability in multiple products
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
network
low complexity
ovirt redhat CWE-200
5.3
2018-06-19 CVE-2018-1061 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.
network
low complexity
python debian redhat canonical fedoraproject
7.5
2018-06-18 CVE-2018-1333 Resource Exhaustion vulnerability in multiple products
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service.
network
low complexity
apache redhat canonical netapp CWE-400
7.5
2018-06-18 CVE-2018-1090 Information Exposure vulnerability in multiple products
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer.
network
low complexity
pulpproject fedoraproject redhat CWE-200
7.5