Filtered by vendor Redhat
Subscribe
Total
5666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10870 | 1 Redhat | 2 Certification, Enterprise Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution. | |||||
| CVE-2018-10869 | 1 Redhat | 2 Certification, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd. | |||||
| CVE-2018-10868 | 1 Redhat | 1 Certification | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host. | |||||
| CVE-2018-10867 | 1 Redhat | 1 Certification | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. | |||||
| CVE-2018-10866 | 1 Redhat | 1 Certification | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him. | |||||
| CVE-2018-10865 | 1 Redhat | 1 Certification | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him. | |||||
| CVE-2018-10864 | 1 Redhat | 2 Certification, Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service. | |||||
| CVE-2018-10863 | 1 Redhat | 1 Certification | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information. | |||||
| CVE-2018-10862 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Virtualization and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. | |||||
| CVE-2018-10861 | 4 Ceph, Debian, Opensuse and 1 more | 9 Ceph, Debian Linux, Leap and 6 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. | |||||
| CVE-2018-10858 | 4 Canonical, Debian, Redhat and 1 more | 8 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.5 MEDIUM | 4.3 MEDIUM |
| A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. | |||||
| CVE-2018-10855 | 3 Canonical, Debian, Redhat | 6 Ubuntu Linux, Debian Linux, Ansible Engine and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. | |||||
| CVE-2018-10854 | 2 Linux, Redhat | 2 Linux Kernel, Cloudforms Management Engine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field. | |||||
| CVE-2018-10852 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, Sssd, Enterprise Linux Desktop and 2 more | 2024-11-21 | 5.0 MEDIUM | 3.8 LOW |
| The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. | |||||
| CVE-2018-10850 | 3 Debian, Fedoraproject, Redhat | 9 Debian Linux, 389 Directory Server, Enterprise Linux and 6 more | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
| 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. | |||||
| CVE-2018-10846 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 1.9 LOW | 5.6 MEDIUM |
| A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. | |||||
| CVE-2018-10845 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. | |||||
| CVE-2018-10844 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. | |||||
| CVE-2018-10843 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 9.0 HIGH | 8.5 HIGH |
| source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user. | |||||
| CVE-2018-10840 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.2 HIGH | 6.6 MEDIUM |
| Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image. | |||||