Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-05-09 CVE-2018-1089 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows.
network
low complexity
fedoraproject redhat debian CWE-119
7.5

2018-05-09 CVE-2018-10683 Improper Authentication vulnerability in Redhat Wildfly 10.1.2
An issue was discovered in WildFly 10.1.2.Final.
network
low complexity
redhat CWE-287
critical
9.8

2018-05-09 CVE-2018-10184 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in HAProxy before 1.8.8.
network
low complexity
haproxy redhat CWE-119
7.5

2018-05-08 CVE-2018-8897 Race Condition vulnerability in multiple products
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash.
7.8

2018-05-08 CVE-2017-2611 Incorrect Authorization vulnerability in multiple products
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389).
network
low complexity
jenkins redhat CWE-863
4.3

2018-05-06 CVE-2018-10768 NULL Pointer Dereference vulnerability in multiple products
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5.
network
low complexity
freedesktop canonical debian redhat CWE-476
6.5

2018-05-06 CVE-2018-10767 Out-of-bounds Read vulnerability in multiple products
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call.
network
low complexity
gnome redhat CWE-125
6.5

2018-05-06 CVE-2018-0494 Improper Input Validation vulnerability in multiple products
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
network
low complexity
gnu canonical debian redhat CWE-20
6.5

2018-05-04 CVE-2013-2233 Key Management Errors vulnerability in Redhat Ansible
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
network
high complexity
redhat CWE-320
7.4

2018-05-04 CVE-2018-10733 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0.
network
low complexity
gnome redhat opensuse CWE-125
6.5