8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.5%
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
Security Fix(es):
postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)
postgresql: Missing authorization and memory disclosure in INSERT … ON CONFLICT DO UPDATE statements (CVE-2018-10925)
postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask (CVE-2018-1053)
postgresql: Uncontrolled search path element in pg_dump and other client applications (CVE-2018-1058)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the PostgreSQL project for reporting CVE-2018-10915, CVE-2018-10925 and CVE-2018-1053. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915; and Tom Lane as the original reporter of CVE-2018-1053.
Additional Changes:
This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | dbus-api-service | < 1.0.1-3.1.el7cf | dbus-api-service-1.0.1-3.1.el7cf.x86_64.rpm |
RedHat | 7 | x86_64 | cfme-gemset-debuginfo | < 5.9.6.5-2.el7cf | cfme-gemset-debuginfo-5.9.6.5-2.el7cf.x86_64.rpm |
RedHat | 7 | x86_64 | cfme | < 5.9.6.5-3.el7cf | cfme-5.9.6.5-3.el7cf.x86_64.rpm |
RedHat | 7 | x86_64 | postgresql96-docs | < 9.6.10-1PGDG.el7at | postgresql96-docs-9.6.10-1PGDG.el7at.x86_64.rpm |
RedHat | 7 | x86_64 | postgresql96-libs | < 9.6.10-1PGDG.el7at | postgresql96-libs-9.6.10-1PGDG.el7at.x86_64.rpm |
RedHat | 7 | x86_64 | cfme-appliance-debuginfo | < 5.9.6.5-1.el7cf | cfme-appliance-debuginfo-5.9.6.5-1.el7cf.x86_64.rpm |
RedHat | 7 | x86_64 | cfme-gemset | < 5.9.6.5-2.el7cf | cfme-gemset-5.9.6.5-2.el7cf.x86_64.rpm |
RedHat | 7 | x86_64 | postgresql96-debuginfo | < 9.6.10-1PGDG.el7at | postgresql96-debuginfo-9.6.10-1PGDG.el7at.x86_64.rpm |
RedHat | 7 | x86_64 | postgresql96-server | < 9.6.10-1PGDG.el7at | postgresql96-server-9.6.10-1PGDG.el7at.x86_64.rpm |
RedHat | 7 | x86_64 | postgresql96-test | < 9.6.10-1PGDG.el7at | postgresql96-test-9.6.10-1PGDG.el7at.x86_64.rpm |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.5%