Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-04-12 CVE-2015-1777 Improper Certificate Validation vulnerability in Redhat Rhn-Client-Tools
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.
network
high complexity
redhat CWE-295
5.9
5.9
2018-04-11 CVE-2018-1100 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function.
local
low complexity
zsh canonical redhat
7.8
7.8
2018-04-11 CVE-2017-7534 Cross-site Scripting vulnerability in Redhat Openshift
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods.
network
low complexity
redhat CWE-79
5.4
5.4
2018-04-06 CVE-2018-1270 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware oracle redhat debian
critical
 9.8
9.8
2018-04-06 CVE-2018-1000156 Improper Input Validation vulnerability in multiple products
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution.
local
low complexity
gnu canonical debian redhat CWE-20
7.8
7.8
2018-04-05 CVE-2018-1096 SQL Injection vulnerability in multiple products
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1.
network
low complexity
theforeman redhat CWE-89
6.5
6.5
2018-04-04 CVE-2018-1097 A flaw was found in foreman before 1.16.1.
network
low complexity
theforeman redhat
8.8
8.8
2018-04-03 CVE-2018-8778 Use of Externally-Controlled Format String vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
network
low complexity
ruby-lang canonical debian redhat CWE-134
7.5
7.5
2018-04-03 CVE-2018-8777 Resource Exhaustion vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).
network
low complexity
ruby-lang debian canonical redhat CWE-400
7.5
7.5
2018-04-03 CVE-2018-6914 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a ..
network
low complexity
ruby-lang canonical debian redhat CWE-22
7.5
7.5