U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:redhat:enterprise_linux:7.0
There are 636 matching records.
Displaying matches 341 through 360.
Vuln ID Summary CVSS Severity
CVE-2018-10869

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

Published: July 19, 2018; 6:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-7481

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

Published: July 19, 2018; 9:29:00 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-10877

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.

Published: July 18, 2018; 11:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2018-10840

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

Published: July 16, 2018; 4:29:00 PM -0400
V3.1: 6.6 MEDIUM
V2.0: 7.2 HIGH
CVE-2018-3693

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

Published: July 10, 2018; 5:29:01 PM -0400
V3.0: 5.6 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2018-1129

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

Published: July 10, 2018; 10:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 3.3 LOW
CVE-2018-1128

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

Published: July 10, 2018; 10:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.4 MEDIUM
CVE-2018-10892

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.

Published: July 06, 2018; 12:29:00 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2018-3760

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.

Published: June 26, 2018; 3:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-3665

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

Published: June 21, 2018; 4:29:00 PM -0400
V3.1: 5.6 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2018-1073

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.

Published: June 19, 2018; 8:29:00 AM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2018-1333

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

Published: June 18, 2018; 2:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-10850

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.

Published: June 13, 2018; 4:29:00 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 7.1 HIGH
CVE-2018-11806

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

Published: June 13, 2018; 12:29:01 PM -0400
V3.1: 8.2 HIGH
V2.0: 7.2 HIGH
CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

Published: June 11, 2018; 5:29:16 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-5117

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Published: June 11, 2018; 5:29:13 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2018-5096

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.

Published: June 11, 2018; 5:29:12 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-5095

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Published: June 11, 2018; 5:29:12 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-5091

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.

Published: June 11, 2018; 5:29:12 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-7848

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.

Published: June 11, 2018; 5:29:12 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM