Showing 1 - 1 of 1

CVE-2018-10870

Status Candidate

Overview

redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.

Related Files

Red Hat Security Advisory 2018-2373-01: Posted Aug 10, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-2373-01 - The redhat-certification package provides partners with a unified web-based user interface to certify their products for use on Red Hat Infrastructure. It can currently be used in the latest releases of Red Hat Certified Cloud and Service Provider Certification, Red Hat OpenStack Certification and Red Hat Hardware Certification Programs. Issues addressed include writeable and downloadable file vulnerabilities.; tags | advisory, web, vulnerability; systems | linux, redhat; advisories | CVE-2018-10864, CVE-2018-10869, CVE-2018-10870; SHA-256 | 9286e36fffceb1c677171034038eb15e4450446f75085006ffa42eea1ff46f8c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 69 files
Debian 20 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
LiquidWorm 4 files
Spencer McIntyre 3 files
Alter Prime 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2018-10870

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems