Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-01-10 CVE-2017-12189 Unspecified vulnerability in Redhat products
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation.
local
low complexity
redhat
7.8
2018-01-10 CVE-2017-17485 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw.
network
low complexity
fasterxml debian redhat netapp CWE-502
critical
9.8
2018-01-10 CVE-2017-7559 HTTP Request Smuggling vulnerability in Redhat Undertow
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters.
network
low complexity
redhat CWE-444
6.1
2018-01-10 CVE-2017-7536 Unsafe Reflection vulnerability in Redhat products
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur.
local
high complexity
redhat CWE-470
7.0
2018-01-09 CVE-2018-4871 Out-of-bounds Read vulnerability in multiple products
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137.
network
low complexity
redhat adobe CWE-125
7.5
2018-01-09 CVE-2017-15131 It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy.
local
low complexity
freedesktop redhat
7.8
2018-01-09 CVE-2017-15129 Race Condition vulnerability in multiple products
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11.
local
high complexity
linux fedoraproject canonical redhat CWE-362
4.7
2018-01-08 CVE-2014-1859 Link Following vulnerability in multiple products
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
local
low complexity
numpy redhat fedoraproject CWE-59
5.5
2018-01-08 CVE-2013-4364 Link Following vulnerability in Redhat Openshift 1.0/2.0
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
local
low complexity
redhat CWE-59
7.8
2018-01-03 CVE-2017-18017 Use After Free vulnerability in multiple products
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
network
low complexity
linux debian arista f5 suse opensuse openstack canonical redhat CWE-416
critical
9.8