Latest CVE Feed
-
8.8
HIGHCVE-2018-10884
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoke... Read more
Affected Products : ansible_tower- Published: Aug. 22, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2018-10883
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.... Read more
- Published: Jul. 30, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2018-10882
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.... Read more
- Published: Jul. 27, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2018-10881
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.... Read more
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2018-10880
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.... Read more
- Published: Jul. 25, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-10879
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.... Read more
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-10878
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.... Read more
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
7.3
HIGHCVE-2018-10877
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.... Read more
- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2018-10876
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.... Read more
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-10875
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.... Read more
Affected Products : ubuntu_linux debian_linux openstack ceph_storage ansible_engine gluster_storage openshift virtualization virtualization_host package_hub +1 more products- Published: Jul. 13, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-10874
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.... Read more
- Published: Jul. 02, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer w... Read more
- Published: Aug. 17, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2018-10872
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once th... Read more
- Published: Jul. 10, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective chang... Read more
- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-10870
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.... Read more
- Published: Jul. 19, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2018-10869
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.... Read more
- Published: Jul. 19, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2018-10868
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host.... Read more
Affected Products : certification- Published: May. 26, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2018-10867
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.... Read more
Affected Products : certification- Published: May. 26, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2018-10866
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him.... Read more
Affected Products : certification- Published: May. 26, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2018-10865
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.... Read more
Affected Products : certification- Published: May. 26, 2021
- Modified: Nov. 21, 2024