U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:redhat:enterprise_linux_desktop:7.0::~~~~x64~
There are 4 matching records.
Displaying matches 1 through 4.
Vuln ID Summary CVSS Severity
CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

Published: October 14, 2019; 4:15:10 PM -0400
V3.1: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2018-14650

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.

Published: September 27, 2018; 4:29:00 PM -0400
V3.0: 5.0 MEDIUM
V2.0: 1.9 LOW
CVE-2018-14622

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.

Published: August 30, 2018; 9:29:00 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-3665

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

Published: June 21, 2018; 4:29:00 PM -0400
V3.1: 5.6 MEDIUM
V2.0: 4.7 MEDIUM