Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-10852 Information Exposure vulnerability in multiple products
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.
network
low complexity
debian fedoraproject redhat CWE-200
7.5
7.5
2018-06-22 CVE-2017-7466 Improper Input Validation vulnerability in Redhat Ansible
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems.
network
low complexity
redhat CWE-20
8.0
8.0
2018-06-21 CVE-2017-2672 Improper Privilege Management vulnerability in multiple products
A flaw was found in foreman before version 1.15 in the logging of adding and registering images.
network
low complexity
theforeman redhat CWE-269
8.8
8.8
2018-06-19 CVE-2018-1061 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.
network
low complexity
python debian redhat canonical fedoraproject
7.5
7.5
2018-06-18 CVE-2018-1333 Resource Exhaustion vulnerability in multiple products
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service.
network
low complexity
apache redhat canonical netapp CWE-400
7.5
7.5
2018-06-18 CVE-2018-1090 Information Exposure vulnerability in multiple products
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer.
network
low complexity
pulpproject fedoraproject redhat CWE-200
7.5
7.5
2018-06-18 CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method.
network
low complexity
python fedoraproject canonical redhat debian
7.5
7.5
2018-06-13 CVE-2018-11806 Out-of-bounds Write vulnerability in multiple products
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
local
low complexity
qemu canonical redhat debian CWE-787
8.2
8.2
2018-06-12 CVE-2018-5848 Integer Overflow or Wraparound vulnerability in multiple products
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly.
local
low complexity
google redhat debian CWE-190
7.8
7.8
2018-06-12 CVE-2018-1070 Improper Input Validation vulnerability in Redhat Openshift Container Platform
routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down.
network
low complexity
redhat CWE-20
7.5
7.5