Lucene search
RedhatCertification

9 matches found

CVE
added 2018/07/19 10:0 p.m., 114 views

CVE-2018-10869

The CVE-2018-10869 vulnerability affects redhat-certification and allows a remote attacker to download any file accessible by the web server user via the /download page due to improper access restriction. Red Hat’s RHSA-2018:2373 (and related advisories) document this issue and provide a security...

7.5 CVSS | 7.6 AI score | 0.02768 EPSS

CVE
added 2018/07/19 10:0 p.m., 76 views

CVE-2018-10870

CVE-2018-10870 affects the Red Hat package redhat-certification. The issue is in rhcertStore.py:__saveResultsFile, which allows writing arbitrary files and can lead to remote code execution. Public sources (NVD, RHSA-2018:2373) describe the vulnerability as high/critical with network attack vecto...

9.8 CVSS | 9.7 AI score | 0.06182 EPSS

CVE
added 2018/08/13 5:0 p.m., 73 views

CVE-2018-10864

Summary: CVE-2018-10864 affects Red Hat’s redhat-certification. The issue is an uncontrolled resource consumption in document loading, where an attacker can supply an existing but invalid XML file that is opened and never closed, potentially causing a Denial of Service. Root cause: improper handl...

6.2 CVSS | 6.6 AI score | 0.01232 EPSS

CVE
added 2021/03/16 9:2 p.m., 66 views

CVE-2019-3897

CVE-2019-3897 affects Red Hat Certification 6 and 7. Affected component: /var/www/rhcert exposure allowing an unauthorized user to download any file by knowing its name. Root cause details are not provided in the available documents, but CVSS metrics indicate remote access with no authentication ...

5.3 CVSS | 5.2 AI score | 0.0091 EPSS

CVE
added 2021/05/26 6:3 p.m., 63 views

CVE-2018-10863

CVE-2018-10863 affects redhat-certification 7, where improper configuration allows listing all files/directories under /var/www/rhcert/store/transfer via the /rhcert-transfer URL, enabling information disclosure. The impact is exposure of sensitive information, per multiple connected records. Exp...

7.5 CVSS | 7.4 AI score | 0.01063 EPSS

CVE
added 2021/05/26 6:3 p.m., 63 views

CVE-2018-10868

CVE-2018-10868 concerns Red Hat Certification (redhat-certification) 7, where the XML parser allows an unbounded number of recursive entity definitions. The root cause is improper restriction of recursive definitions in XML documents, enabling an unauthenticated user to trigger a memory/time exha...

7.5 CVSS | 7.5 AI score | 0.01104 EPSS

CVE
added 2021/05/26 6:3 p.m., 56 views

CVE-2018-10866

CVE-2018-10866 affects redhat-certification version 7. The vulnerability stems from the /configuration view not performing an authorization check, enabling an unauthenticated user to remove a host-specific XML file (a “system” file). This represents an integrity/availability risk without requirin...

9.1 CVSS | 9.2 AI score | 0.01045 EPSS

CVE
added 2021/05/26 6:3 p.m., 56 views

CVE-2018-10867

CVE-2018-10867 affects Red Hat redhat-certification 7. The flaw is an access-control error on the /update/results page, allowing a remote attacker to delete any file accessible by the user running httpd (apache). Root cause: insufficient access restriction for update results. Impact: potential da...

9.1 CVSS | 9.1 AI score | 0.01069 EPSS

CVE
added 2021/05/26 6:3 p.m., 54 views

CVE-2018-10865

The vulnerability CVE-2018-10865 affects redhat-certification version 7 and involves the /configuration view lacking proper authorization. An unauthenticated user can call a restart RPC method on any host accessible by the system, even if not owned by them, potentially causing disruption or denia...

7.5 CVSS | 7.5 AI score | 0.01034 EPSS