Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2019-02-06 CVE-2019-7548 SQL Injection vulnerability in multiple products
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
local
low complexity
sqlalchemy debian opensuse redhat oracle CWE-89
7.8
2019-02-06 CVE-2018-16890 Integer Overflow or Wraparound vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read.
7.5
2019-02-06 CVE-2019-1003011 Uncontrolled Recursion vulnerability in multiple products
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.
network
low complexity
jenkins redhat CWE-674
8.1
2019-02-05 CVE-2019-3818 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0.
network
low complexity
redhat kube-rbac-proxy-project CWE-327
7.5
2019-02-04 CVE-2019-3813 Off-by-one Error vulnerability in multiple products
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt.
7.5
2019-02-03 CVE-2019-7310 Incorrect Conversion between Numeric Types vulnerability in multiple products
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
7.8
2019-01-28 CVE-2018-16889 Unspecified vulnerability in Redhat Ceph
Ceph does not properly sanitize encryption keys in debug logging for v4 auth.
network
low complexity
redhat
7.5
2019-01-25 CVE-2018-16881 Integer Overflow or Wraparound vulnerability in multiple products
A denial of service vulnerability was found in rsyslog in the imptcp module.
network
low complexity
rsyslog redhat debian CWE-190
7.5
2019-01-22 CVE-2018-14666 Incorrect Authorization vulnerability in Redhat Satellite
An improper authorization flaw was found in the Smart Class feature of Foreman.
network
low complexity
redhat CWE-863
7.2
2019-01-22 CVE-2019-1003004 An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.
network
low complexity
jenkins redhat
7.2