U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:intel64:*
  • CPE Name Search: true
There are 529 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2018-1336

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

Published: August 02, 2018; 10:29:00 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-10894

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.

Published: August 01, 2018; 1:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2016-8657

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

Published: July 31, 2018; 3:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-2670

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.

Published: July 27, 2018; 11:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-2595

It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.

Published: July 27, 2018; 11:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-10862

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Published: July 27, 2018; 10:29:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2017-2666

It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.

Published: July 27, 2018; 10:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2017-12150

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

Published: July 26, 2018; 2:29:00 PM -0400
V3.0: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2017-2582

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

Published: July 26, 2018; 1:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-12167

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

Published: July 26, 2018; 1:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2017-12163

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Published: July 26, 2018; 12:29:00 PM -0400
V3.0: 7.1 HIGH
V2.0: 4.8 MEDIUM
CVE-2018-10872

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE.

Published: July 10, 2018; 3:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2018-3760

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.

Published: June 26, 2018; 3:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-3665

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

Published: June 21, 2018; 4:29:00 PM -0400
V3.1: 5.6 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2018-1333

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

Published: June 18, 2018; 2:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

Published: June 11, 2018; 5:29:16 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-5117

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Published: June 11, 2018; 5:29:13 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2018-5096

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.

Published: June 11, 2018; 5:29:12 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-5095

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Published: June 11, 2018; 5:29:12 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-5091

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.

Published: June 11, 2018; 5:29:12 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH