National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:redhat:enterprise_linux:7.0
There are 461 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity

In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.

Published: January 07, 2020; 12:15:11 PM -05:00
V3.1: 7.3 HIGH
    V2: 6.9 MEDIUM

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

Published: January 02, 2020; 10:15:12 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Published: December 19, 2019; 04:15:13 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 5.0 MEDIUM

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

Published: December 03, 2019; 03:15:11 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 2.9 LOW

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

Published: November 27, 2019; 06:15:10 PM -05:00
V3.1: 4.7 MEDIUM
    V2: 1.9 LOW

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

Published: November 27, 2019; 01:15:11 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW

A password generation weakness exists in xquest through 2016-06-13.

Published: November 27, 2019; 11:15:11 AM -05:00
V3.1: 2.5 LOW
    V2: 1.9 LOW

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.

Published: November 25, 2019; 10:15:27 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM

A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.

Published: November 25, 2019; 07:15:11 AM -05:00
V3.1: 7.1 HIGH
    V2: 3.6 LOW

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.

Published: November 25, 2019; 06:15:11 AM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

Published: November 22, 2019; 10:15:11 AM -05:00
V3.1: 4.7 MEDIUM
    V2: 3.3 LOW

redhat-upgrade-tool: Does not check GPG signatures when upgrading versions

Published: November 22, 2019; 10:15:10 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

Published: November 18, 2019; 06:15:11 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 5.9 MEDIUM
    V2: 7.1 HIGH

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Published: November 15, 2019; 11:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

Published: November 08, 2019; 10:15:11 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 3.5 LOW

Pagure: XSS possible in file attachment endpoint

Published: November 06, 2019; 02:15:11 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

Published: November 06, 2019; 10:15:10 AM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

Published: November 05, 2019; 05:15:10 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW

Cache Poisoning issue exists in DNS Response Rate Limiting.

Published: November 05, 2019; 02:15:10 PM -05:00
V3.1: 5.9 MEDIUM
    V2: 2.6 LOW