Lucene search
+L

4 matches found

CVE
CVE
added 2018/07/19 10:0 p.m.115 views

CVE-2018-10869

The CVE-2018-10869 vulnerability affects redhat-certification and allows a remote attacker to download any file accessible by the web server user via the /download page due to improper access restriction. Red Hat’s RHSA-2018:2373 (and related advisories) document this issue and provide a security...

7.5CVSS7.6AI score0.02768EPSS
CVE
CVE
added 2018/07/19 10:0 p.m.77 views

CVE-2018-10870

CVE-2018-10870 affects the Red Hat package redhat-certification. The issue is in rhcertStore.py:__saveResultsFile, which allows writing arbitrary files and can lead to remote code execution. Public sources (NVD, RHSA-2018:2373) describe the vulnerability as high/critical with network attack vecto...

9.8CVSS9.7AI score0.06182EPSS
CVE
CVE
added 2018/08/13 5:0 p.m.74 views

CVE-2018-10864

Summary: CVE-2018-10864 affects Red Hat’s redhat-certification. The issue is an uncontrolled resource consumption in document loading, where an attacker can supply an existing but invalid XML file that is opened and never closed, potentially causing a Denial of Service. Root cause: improper handl...

6.2CVSS6.6AI score0.01232EPSS
CVE
CVE
added 2021/03/16 9:2 p.m.67 views

CVE-2019-3897

CVE-2019-3897 affects Red Hat Certification 6 and 7. Affected component: /var/www/rhcert exposure allowing an unauthorized user to download any file by knowing its name. Root cause details are not provided in the available documents, but CVSS metrics indicate remote access with no authentication ...

5.3CVSS5.2AI score0.0091EPSS