Vulnerabilities > Redhat > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-09 | CVE-2018-10184 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: An issue was discovered in HAProxy before 1.8.8. | 7.5 |
2018-05-08 | CVE-2018-8897 | Race Condition vulnerability in multiple products: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. | 7.8 |
2018-05-04 | CVE-2013-2233 | Key Management Errors vulnerability in Redhat Ansible: Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. | 7.4 |
2018-05-02 | CVE-2018-1104 | Code Injection vulnerability in Redhat Ansible Tower: Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. | 8.8 |
2018-05-02 | CVE-2018-1101 | Weak Password Requirements vulnerability in Redhat Ansible Tower: Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. | 7.2 |
2018-05-02 | CVE-2018-10675 | Use After Free vulnerability in multiple products: The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. | 7.8 |
2018-05-01 | CVE-2013-2049 | Session Fixation vulnerability in Redhat Cloudforms Management Engine 2.0: Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | 7.5 |
2018-05-01 | CVE-2013-0185 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Manageiq Enterprise Virtualization Manager: Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | 8.8 |
2018-05-01 | CVE-2018-10583 | Information Exposure vulnerability in multiple products: An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. | 7.5 |
2018-04-30 | CVE-2018-1102 | Unspecified vulnerability in Redhat Openshift: A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. | 8.8 |