National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:redhat:enterprise_linux:7.0
There are 461 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2018-1336

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

Published: August 02, 2018; 10:29:00 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-10894

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.

Published: August 01, 2018; 01:29:00 PM -04:00
V3.0: 5.4 MEDIUM
    V2: 5.5 MEDIUM
CVE-2016-9579

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.

Published: August 01, 2018; 12:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-8657

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

Published: July 31, 2018; 03:29:00 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2018-10883

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

Published: July 30, 2018; 12:29:00 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2017-7518

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.

Published: July 30, 2018; 11:29:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2017-15118

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.

Published: July 27, 2018; 05:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-2618

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

Published: July 27, 2018; 03:29:00 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2018-10882

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.

Published: July 27, 2018; 02:29:01 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

Published: July 27, 2018; 02:29:00 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2017-2623

It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default.

Published: July 27, 2018; 02:29:00 PM -04:00
V3.0: 5.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-2590

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

Published: July 27, 2018; 02:29:00 PM -04:00
V3.0: 8.1 HIGH
    V2: 5.5 MEDIUM
CVE-2017-2670

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.

Published: July 27, 2018; 11:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-2595

It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.

Published: July 27, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-10862

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Published: July 27, 2018; 10:29:00 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2017-2666

It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.

Published: July 27, 2018; 10:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 6.4 MEDIUM
CVE-2017-12151

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Published: July 27, 2018; 08:29:00 AM -04:00
V3.0: 7.4 HIGH
    V2: 5.8 MEDIUM
CVE-2018-10879

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

Published: July 26, 2018; 02:29:00 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.1 MEDIUM
CVE-2017-12150

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

Published: July 26, 2018; 02:29:00 PM -04:00
V3.0: 7.4 HIGH
    V2: 5.8 MEDIUM
CVE-2017-2582

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

Published: July 26, 2018; 01:29:00 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM