Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-28 CVE-2018-7568 Integer Overflow or Wraparound vulnerability in multiple products
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.
local
low complexity
gnu redhat CWE-190
5.5
5.5
2018-02-28 CVE-2018-1304 The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition.
network
high complexity
apache redhat debian canonical oracle
5.9
5.9
2018-02-16 CVE-2018-1049 Race Condition vulnerability in multiple products
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang.
network
high complexity
systemd-project redhat canonical debian CWE-362
5.9
5.9
2018-02-09 CVE-2014-8171 Resource Management Errors vulnerability in multiple products
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
local
low complexity
linux redhat CWE-399
5.5
5.5
2018-02-09 CVE-2017-10690 Improper Privilege Management vulnerability in multiple products
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from.
network
low complexity
puppet redhat CWE-269
6.5
6.5
2018-02-09 CVE-2017-10689 Improper Privilege Management vulnerability in multiple products
In previous versions of Puppet Agent it was possible to install a module with world writable permissions.
local
low complexity
puppet canonical redhat CWE-269
5.5
5.5
2018-01-26 CVE-2018-5750 Information Exposure vulnerability in multiple products
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
local
low complexity
linux debian canonical redhat CWE-200
5.5
5.5
2018-01-24 CVE-2018-1047 Improper Input Validation vulnerability in Redhat products
A flaw was found in Wildfly 9.x.
local
low complexity
redhat CWE-20
5.5
5.5
2018-01-23 CVE-2018-5683 Out-of-bounds Read vulnerability in multiple products
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
local
low complexity
qemu debian redhat canonical CWE-125
6.0
6.0
2018-01-23 CVE-2018-5950 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
network
low complexity
gnu debian canonical redhat CWE-79
6.1
6.1