Filtered by vendor Redhat
Subscribe
Search
Total
4673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15909 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2019-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | |||||
| CVE-2017-1002151 | 1 Redhat | 1 Pagure | 2019-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | |||||
| CVE-2019-3834 | 1 Redhat | 1 Jboss Operations Network | 2019-10-10 | 6.8 MEDIUM | 7.3 HIGH |
| It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3. | |||||
| CVE-2019-3875 | 1 Redhat | 2 Keycloak, Single Sign-on | 2019-10-09 | 5.8 MEDIUM | 4.8 MEDIUM |
| A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols ('http' or 'ldap') and hence the caller should verify the signature and possibly the certification path. Keycloak currently doesn't validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle. | |||||
| CVE-2019-3889 | 1 Redhat | 1 Openshift Container Platform | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link. | |||||
| CVE-2019-3884 | 1 Redhat | 1 Openshift | 2019-10-09 | 5.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. | |||||
| CVE-2019-3825 | 3 Canonical, Gnome, Redhat | 3 Ubuntu Linux, Gnome Display Manager, Enterprise Linux | 2019-10-09 | 6.9 MEDIUM | 6.4 MEDIUM |
| A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. | |||||
| CVE-2019-3890 | 2 Gnome, Redhat | 2 Evolution-ews, Enterprise Linux | 2019-10-09 | 5.8 MEDIUM | 8.1 HIGH |
| It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. | |||||
| CVE-2019-3872 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks. | |||||
| CVE-2019-14826 | 2 Freeipa, Redhat | 2 Freeipa, Enterprise Linux | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session. | |||||
| CVE-2019-10136 | 1 Redhat | 2 Satellite, Spacewalk | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. | |||||
| CVE-2019-10183 | 1 Redhat | 2 Enterprise Linux, Virt-manager | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release. | |||||
| CVE-2019-10150 | 1 Redhat | 1 Openshift Container Platform | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. | |||||
| CVE-2019-10153 | 2 Clusterlabs, Redhat | 4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more | 2019-10-09 | 4.0 MEDIUM | 5.0 MEDIUM |
| A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member. | |||||
| CVE-2019-1003012 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift Container Platform | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. | |||||
| CVE-2019-10137 | 1 Redhat | 2 Satellite, Spacewalk | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process. | |||||
| CVE-2019-1003013 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift Container Platform | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user. | |||||
| CVE-2019-1003014 | 2 Jenkins, Redhat | 2 Config File Provider, Openshift Container Platform | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file. | |||||
| CVE-2019-10157 | 1 Redhat | 2 Keycloak, Single Sign-on | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely. | |||||
| CVE-2018-5379 | 5 Canonical, Debian, Quagga and 2 more | 10 Ubuntu Linux, Debian Linux, Quagga and 7 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. | |||||
| CVE-2018-3760 | 3 Debian, Redhat, Sprockets Project | 4 Debian Linux, Cloudforms, Enterprise Linux and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. | |||||
| CVE-2018-1053 | 4 Canonical, Debian, Postgresql and 1 more | 4 Ubuntu Linux, Debian Linux, Postgresql and 1 more | 2019-10-09 | 3.3 LOW | 7.0 HIGH |
| In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. | |||||
| CVE-2018-1120 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2019-10-09 | 3.5 LOW | 5.3 MEDIUM |
| A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). | |||||
| CVE-2018-1102 | 1 Redhat | 1 Openshift | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. | |||||
| CVE-2018-1103 | 1 Redhat | 1 Source-to-image | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. | |||||
| CVE-2018-1087 | 4 Canonical, Debian, Linux and 1 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. | |||||
| CVE-2018-1051 | 1 Redhat | 1 Resteasy | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. | |||||
| CVE-2018-1085 | 1 Redhat | 1 Openshift Container Platform | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster. | |||||
| CVE-2018-1058 | 3 Canonical, Postgresql, Redhat | 3 Ubuntu Linux, Postgresql, Cloudforms | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. | |||||
| CVE-2018-1117 | 2 Ovirt, Redhat | 2 Ovirt-ansible-roles, Enterprise Virtualization | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. | |||||
| CVE-2018-1139 | 3 Canonical, Redhat, Samba | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2019-10-09 | 4.3 MEDIUM | 8.1 HIGH |
| A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. | |||||
| CVE-2018-1047 | 1 Redhat | 3 Enterprise Linux Server, Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. | |||||
| CVE-2018-1097 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2019-10-09 | 4.0 MEDIUM | 8.8 HIGH |
| A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource. | |||||
| CVE-2018-1090 | 3 Fedoraproject, Pulpproject, Redhat | 3 Fedora, Pulp, Satellite | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets. | |||||
| CVE-2018-1079 | 2 Clusterlabs, Redhat | 2 Pacemaker Command Line Interface, Enterprise Linux | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process. | |||||
| CVE-2018-1077 | 1 Redhat | 2 Satellite, Spacewalk | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server. | |||||
| CVE-2018-1101 | 1 Redhat | 2 Ansible Tower, Cloudforms | 2019-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system. | |||||
| CVE-2018-1096 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database. | |||||
| CVE-2018-1104 | 1 Redhat | 2 Ansible Tower, Cloudforms | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. | |||||
| CVE-2018-1517 | 2 Ibm, Redhat | 5 Software Development Kit, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. | |||||
| CVE-2018-1069 | 1 Redhat | 1 Openshift | 2019-10-09 | 5.4 MEDIUM | 7.1 HIGH |
| Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem. | |||||
| CVE-2018-1089 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, 389 Directory Server, Enterprise Linux Desktop and 2 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. | |||||
| CVE-2018-1070 | 1 Redhat | 1 Openshift Container Platform | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard. | |||||
| CVE-2018-1072 | 2 Ovirt, Redhat | 2 Ovirt, Enterprise Virtualization Manager | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords. | |||||
| CVE-2018-1656 | 3 Ibm, Oracle, Redhat | 6 Sdk, Enterprise Manager Base Platform, Enterprise Linux Desktop and 3 more | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. | |||||
| CVE-2018-1106 | 4 Canonical, Debian, Packagekit Project and 1 more | 9 Ubuntu Linux, Debian Linux, Packagekit and 6 more | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. | |||||
| CVE-2018-1113 | 2 Fedoraproject, Redhat | 6 Fedora, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2019-10-09 | 4.6 MEDIUM | 5.3 MEDIUM |
| setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system. | |||||
| CVE-2018-1130 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. | |||||
| CVE-2018-1086 | 3 Clusterlabs, Debian, Redhat | 3 Pacemaker Command Line Interface, Debian Linux, Enterprise Linux Server Eus | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege. | |||||
| CVE-2018-1118 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | |||||