Product:

Enterprise_linux

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/Perl/perl5
https://github.com/ceph/ceph
https://github.com/ClusterLabs/pcs
https://github.com/mjg59/linux
#Vulnerabilities 1650
Date Id Summary Products Score Patch Annotated
2018-07-10 CVE-2018-10872 A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise... Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 5.5
2018-07-16 CVE-2018-10840 Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image. Ubuntu_linux, Linux_kernel, Enterprise_linux 6.6
2018-07-18 CVE-2018-10877 Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux 6.5
2018-07-19 CVE-2018-10869 redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd. Certification, Enterprise_linux 7.5
2018-07-25 CVE-2018-10880 Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux 5.5
2018-07-26 CVE-2017-7562 An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. Kerberos_5, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 6.5
2018-07-26 CVE-2017-12171 A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. Http_server, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 6.5
2018-07-26 CVE-2018-10879 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 7.8
2018-07-27 CVE-2017-2625 It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Libxdmcp 5.5
2018-07-27 CVE-2018-10882 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux 5.5