Redhat: Security Vulnerabilities
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-07-09
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-07-09
CVE-2018-5002
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Known exploited
CVSS Score
7.8
EPSS Score
0.485
Published
2018-07-09
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
8.8
EPSS Score
0.03
Published
2018-07-09
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
CVSS Score
6.5
EPSS Score
0.029
Published
2018-07-09
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
CVSS Score
6.3
EPSS Score
0.002
Published
2018-07-06
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-07-06
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.
CVSS Score
4.8
EPSS Score
0.0
Published
2018-07-06
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
CVSS Score
9.8
EPSS Score
0.078
Published
2018-07-05
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-07-05