Vulnerabilities > Redhat
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-12 | CVE-2015-1777 | Improper Certificate Validation vulnerability in Redhat Rhn-Client-Tools rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. | 5.9 |
2018-04-11 | CVE-2018-1100 | zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. | 7.8 |
2018-04-11 | CVE-2017-7534 | Cross-site Scripting vulnerability in Redhat Openshift OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. | 5.4 |
2018-04-06 | CVE-2018-1270 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 9.8 |
2018-04-06 | CVE-2018-1000156 | Improper Input Validation vulnerability in multiple products GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. | 7.8 |
2018-04-05 | CVE-2018-1096 | SQL Injection vulnerability in multiple products An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. | 6.5 |
2018-04-04 | CVE-2018-1097 | A flaw was found in foreman before 1.16.1. | 8.8 |
2018-04-03 | CVE-2018-8778 | Use of Externally-Controlled Format String vulnerability in multiple products In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. | 7.5 |
2018-04-03 | CVE-2018-8777 | Resource Exhaustion vulnerability in multiple products In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). | 7.5 |
2018-04-03 | CVE-2018-6914 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. | 7.5 |