Vulnerabilities > Redhat > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-19 | CVE-2017-7481 | Improper Input Validation vulnerability in multiple products Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. | 7.5 |
2018-07-19 | CVE-2017-2673 | Incorrect Authorization vulnerability in Redhat Openstack 10/9 An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). | 7.2 |
2018-07-17 | CVE-2018-14362 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14357 | OS Command Injection vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-17 | CVE-2018-14354 | OS Command Injection vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 7.5 |
2018-07-06 | CVE-2018-13405 | Improper Privilege Management vulnerability in multiple products The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. | 7.8 |
2018-07-02 | CVE-2018-8039 | Improper Handling of Exceptional Conditions vulnerability in multiple products It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. | 8.1 |
2018-07-02 | CVE-2018-10874 | Untrusted Search Path vulnerability in Redhat products In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | 7.8 |
2018-06-26 | CVE-2018-1000544 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. | 7.5 |
2018-06-22 | CVE-2017-7466 | Improper Input Validation vulnerability in Redhat Ansible Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. | 8.5 |