Filtered by vendor Redhat Subscriptions
Total 22995 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-1199 3 Oracle, Redhat, Vmware 6 Rapid Planning, Retail Xstore Point Of Service, Fuse and 3 more 2024-11-21 5.3 Medium
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.
CVE-2018-1139 3 Canonical, Redhat, Samba 7 Ubuntu Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more 2024-11-21 8.1 High
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
CVE-2018-1131 2 Infinispan, Redhat 3 Infinispan, Jboss Data Grid, Jboss Fuse 2024-11-21 N/A
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
CVE-2018-1130 4 Canonical, Debian, Linux and 1 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2024-11-21 N/A
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
CVE-2018-1129 4 Ceph, Debian, Opensuse and 1 more 10 Ceph, Debian Linux, Leap and 7 more 2024-11-21 N/A
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
CVE-2018-1128 3 Debian, Opensuse, Redhat 10 Debian Linux, Leap, Ceph and 7 more 2024-11-21 N/A
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
CVE-2018-1127 1 Redhat 2 Gluster Storage, Storage 2024-11-21 N/A
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.
CVE-2018-1126 5 Canonical, Debian, Procps-ng Project and 2 more 13 Ubuntu Linux, Debian Linux, Procps-ng and 10 more 2024-11-21 N/A
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVE-2018-1124 6 Canonical, Debian, Opensuse and 3 more 13 Ubuntu Linux, Debian Linux, Leap and 10 more 2024-11-21 7.8 High
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
CVE-2018-1122 4 Canonical, Debian, Procps-ng Project and 1 more 9 Ubuntu Linux, Debian Linux, Procps-ng and 6 more 2024-11-21 N/A
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
CVE-2018-1120 4 Canonical, Debian, Linux and 1 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2024-11-21 N/A
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
CVE-2018-1118 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2024-11-21 N/A
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
CVE-2018-1117 2 Ovirt, Redhat 3 Ovirt-ansible-roles, Enterprise Virtualization, Rhev Manager 2024-11-21 N/A
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation.
CVE-2018-1116 4 Canonical, Debian, Polkit Project and 1 more 4 Ubuntu Linux, Debian Linux, Polkit and 1 more 2024-11-21 4.4 Medium
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
CVE-2018-1115 3 Opensuse, Postgresql, Redhat 3 Leap, Postgresql, Rhel Software Collections 2024-11-21 9.1 Critical
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
CVE-2018-1114 1 Redhat 7 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Fuse and 4 more 2024-11-21 N/A
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVE-2018-1113 2 Fedoraproject, Redhat 6 Fedora, Enterprise Linux, Enterprise Linux Desktop and 3 more 2024-11-21 N/A
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.
CVE-2018-1112 2 Gluster, Redhat 3 Glusterfs, Enterprise Linux, Storage 2024-11-21 N/A
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.
CVE-2018-1111 2 Fedoraproject, Redhat 11 Fedora, Enterprise Linux, Enterprise Linux Desktop and 8 more 2024-11-21 N/A
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
CVE-2018-1109 2 Braces Project, Redhat 2 Braces, Quay 2024-11-21 5.3 Medium
A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.