Vulnerabilities > Redhat > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-26 | CVE-2018-1000544 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. | 9.8 |
| 2018-06-20 | CVE-2018-1117 | ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. | 9.8 |
| 2018-06-18 | CVE-2018-12533 | Expression Language Injection vulnerability in Redhat Richfaces JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310. | 9.8 |
| 2018-06-18 | CVE-2018-12532 | Expression Language Injection vulnerability in Redhat Richfaces JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309. | 9.8 |
| 2018-06-17 | CVE-2018-11219 | Integer Overflow or Wraparound vulnerability in multiple products An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. | 9.8 |
| 2018-06-17 | CVE-2018-11218 | Out-of-bounds Write vulnerability in multiple products Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. | 9.8 |
| 2018-06-15 | CVE-2018-1085 | Improper Authentication vulnerability in Redhat Openshift Container Platform openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. | 9.8 |
| 2018-06-11 | CVE-2018-5183 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers backported selected changes in the Skia library. | 9.8 |
| 2018-06-11 | CVE-2018-5159 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. | 9.8 |
| 2018-06-11 | CVE-2018-5155 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. | 9.8 |