Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:x86:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-7562 |
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. Published: July 26, 2018; 11:29:00 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-7543 |
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. Published: July 26, 2018; 10:29:00 AM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-7539 |
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. Published: July 26, 2018; 10:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-10880 |
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. Published: July 25, 2018; 9:29:00 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2018-10870 |
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution. Published: July 19, 2018; 6:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-10869 |
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd. Published: July 19, 2018; 6:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-7481 |
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. Published: July 19, 2018; 9:29:00 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-10877 |
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. Published: July 18, 2018; 11:29:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2018-10840 |
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image. Published: July 16, 2018; 4:29:00 PM -0400 |
V3.1: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2018-3693 |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Published: July 10, 2018; 5:29:01 PM -0400 |
V3.1: 5.6 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2018-1129 |
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Published: July 10, 2018; 10:29:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2018-1128 |
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Published: July 10, 2018; 10:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.4 MEDIUM |
CVE-2018-10892 |
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. Published: July 06, 2018; 12:29:00 PM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2018-3760 |
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Published: June 26, 2018; 3:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-3665 |
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. Published: June 21, 2018; 4:29:00 PM -0400 |
V3.1: 5.6 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2018-1073 |
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts. Published: June 19, 2018; 8:29:00 AM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2018-1333 |
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). Published: June 18, 2018; 2:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-10850 |
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. Published: June 13, 2018; 4:29:00 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 7.1 HIGH |
CVE-2018-11806 |
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. Published: June 13, 2018; 12:29:01 PM -0400 |
V3.1: 8.2 HIGH V2.0: 7.2 HIGH |
CVE-2018-5184 |
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. Published: June 11, 2018; 5:29:16 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |