Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-09 | CVE-2018-4871 | Out-of-bounds Read vulnerability in multiple products An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. | 7.5 |
| 2018-01-09 | CVE-2017-15131 | It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. | 7.8 |
| 2018-01-09 | CVE-2017-15129 | Race Condition vulnerability in multiple products A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. | 4.7 |
| 2018-01-08 | CVE-2014-1859 | Link Following vulnerability in multiple products (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | 5.5 |
| 2018-01-08 | CVE-2013-4364 | Link Following vulnerability in Redhat Openshift 1.0/2.0 (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. | 7.8 |
| 2018-01-03 | CVE-2017-18017 | Use After Free vulnerability in multiple products The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | 9.8 |
| 2017-12-29 | CVE-2014-8119 | Improper Input Validation vulnerability in multiple products The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. | 7.5 |
| 2017-12-29 | CVE-2014-0121 | Improper Authentication vulnerability in multiple products The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | 9.8 |
| 2017-12-29 | CVE-2014-0120 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." | 8.8 |
| 2017-12-29 | CVE-2016-3695 | Injection vulnerability in multiple products The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | 5.5 |