Filtered by vendor Redhat
Subscribe
Total
5151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2653 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute. | |||||
| CVE-2017-2664 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges. | |||||
| CVE-2017-2665 | 2 Mongodb, Redhat | 2 Mongodb, Storage Console | 2019-10-09 | 1.9 LOW | 7.0 HIGH |
| The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text. | |||||
| CVE-2017-2666 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2019-10-09 | 6.4 MEDIUM | 6.5 MEDIUM |
| It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. | |||||
| CVE-2017-2668 | 2 Fedoraproject, Redhat | 4 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. | |||||
| CVE-2017-2670 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | |||||
| CVE-2017-2672 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2019-10-09 | 4.0 MEDIUM | 8.8 HIGH |
| A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems. | |||||
| CVE-2017-2674 | 1 Redhat | 1 Jboss Bpm Suite | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins. | |||||
| CVE-2017-3135 | 4 Debian, Isc, Netapp and 1 more | 10 Debian Linux, Bind, Data Ontap Edge and 7 more | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. | |||||
| CVE-2017-3137 | 4 Debian, Isc, Netapp and 1 more | 11 Debian Linux, Bind, Data Ontap Edge and 8 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. | |||||
| CVE-2017-3145 | 4 Debian, Isc, Netapp and 1 more | 9 Debian Linux, Bind, Data Ontap Edge and 6 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. | |||||
| CVE-2017-3224 | 3 Quagga, Redhat, Suse | 4 Quagga, Package Manager, Opensuse and 1 more | 2019-10-09 | 4.3 MEDIUM | 8.2 HIGH |
| Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages). | |||||
| CVE-2017-2589 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2019-10-09 | 6.0 MEDIUM | 9.0 CRITICAL |
| It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. | |||||
| CVE-2017-2590 | 2 Freeipa, Redhat | 7 Freeipa, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2019-10-09 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. | |||||
| CVE-2017-2591 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service. | |||||
| CVE-2017-2595 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. | |||||
| CVE-2017-2614 | 1 Redhat | 1 Enterprise Virtualization | 2019-10-09 | 2.1 LOW | 6.3 MEDIUM |
| When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts. | |||||
| CVE-2017-2616 | 3 Debian, Redhat, Util-linux Project | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2019-10-09 | 4.7 MEDIUM | 4.7 MEDIUM |
| A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. | |||||
| CVE-2017-2623 | 2 Redhat, Rpm-ostree | 3 Enterprise Linux, Rpm-ostree, Rpm-ostree-client | 2019-10-09 | 4.3 MEDIUM | 5.3 MEDIUM |
| It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default. | |||||
| CVE-2017-2632 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges. | |||||