Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-02-19 CVE-2018-5379 Double Free vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
network
low complexity
quagga debian canonical redhat siemens CWE-415
critical
9.8
2018-02-18 CVE-2018-7208 Improper Input Validation vulnerability in multiple products
In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.
local
low complexity
gnu redhat CWE-20
7.8
2018-02-16 CVE-2018-1049 Race Condition vulnerability in multiple products
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang.
network
high complexity
systemd-project redhat canonical debian CWE-362
5.9
2018-02-15 CVE-2018-1041 Infinite Loop vulnerability in multiple products
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer.
network
low complexity
jboss redhat CWE-835
7.5
2018-02-12 CVE-2018-6927 Integer Overflow or Wraparound vulnerability in multiple products
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
local
low complexity
linux canonical debian redhat CWE-190
7.8
2018-02-09 CVE-2018-1000026 Improper Input Validation vulnerability in multiple products
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line.
network
low complexity
linux canonical redhat debian CWE-20
7.7
2018-02-09 CVE-2014-8171 Resource Management Errors vulnerability in multiple products
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
local
low complexity
linux redhat CWE-399
5.5
2018-02-09 CVE-2017-10690 Improper Privilege Management vulnerability in multiple products
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from.
network
low complexity
puppet redhat CWE-269
6.5
2018-02-09 CVE-2017-10689 Improper Privilege Management vulnerability in multiple products
In previous versions of Puppet Agent it was possible to install a module with world writable permissions.
local
low complexity
puppet canonical redhat CWE-269
5.5
2018-02-09 CVE-2018-1053 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files.
local
high complexity
postgresql debian canonical redhat CWE-732
7.0