Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-04-16 CVE-2016-9593 Credentials Management vulnerability in multiple products
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging.
network
low complexity
theforeman redhat CWE-255
8.8
2018-04-16 CVE-2016-9592 Resource Management Errors vulnerability in Redhat Openshift 3.2.1.23/3.3.1.11/3.4
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error.
network
low complexity
redhat CWE-399
4.3
2018-04-16 CVE-2018-5382 Improper Validation of Integrity Check Value vulnerability in multiple products
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore.
local
low complexity
bouncycastle redhat CWE-354
4.4
2018-04-16 CVE-2018-10120 Improper Validation of Array Index vulnerability in multiple products
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.
local
low complexity
debian libreoffice redhat canonical CWE-129
7.8
2018-04-16 CVE-2018-10119 Use After Free vulnerability in multiple products
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.
local
low complexity
libreoffice debian redhat canonical CWE-416
7.8
2018-04-12 CVE-2018-1084 corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
network
low complexity
corosync debian redhat canonical
7.5
2018-04-12 CVE-2018-1079 Path Traversal vulnerability in multiple products
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call.
network
low complexity
clusterlabs redhat CWE-22
6.5
2018-04-12 CVE-2018-1086 Information Exposure vulnerability in multiple products
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass.
network
low complexity
clusterlabs debian redhat CWE-200
7.5
2018-04-12 CVE-2015-1777 Improper Certificate Validation vulnerability in Redhat Rhn-Client-Tools
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.
network
high complexity
redhat CWE-295
5.9
2018-04-11 CVE-2018-1100 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function.
local
low complexity
zsh canonical redhat
7.8