Vulnerabilities > Redhat > Enterprise Linux Server EUS > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-09 CVE-2018-10915 SQL Injection vulnerability in multiple products
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. 		6.0
6.0
2018-08-01 CVE-2016-8635 Improperly Implemented Security Check for Standard vulnerability in multiple products
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack.
network
high complexity
mozilla redhat CWE-358
5.9
5.9
2018-07-27 CVE-2017-15097 Link Following vulnerability in Redhat products
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL.
local
low complexity
redhat CWE-59
6.7
6.7
2018-07-27 CVE-2017-2633 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver.
network
low complexity
qemu redhat CWE-787
6.5
6.5
2018-07-27 CVE-2017-2626 Insufficient Entropy vulnerability in multiple products
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys.
local
low complexity
freedesktop redhat CWE-331
5.5
5.5
2018-07-27 CVE-2017-2618 Off-by-one Error vulnerability in multiple products
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10.
local
low complexity
linux redhat debian CWE-193
5.5
5.5
2018-07-27 CVE-2017-2616 Race Condition vulnerability in multiple products
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. 		4.7
4.7
2018-07-27 CVE-2017-2625 Insufficient Entropy vulnerability in multiple products
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys.
local
low complexity
x-org redhat CWE-331
5.5
5.5
2018-07-27 CVE-2017-2590 Permission Issues vulnerability in multiple products
A vulnerability was found in ipa before 4.4.
network
low complexity
freeipa redhat CWE-275
5.5
5.5
2018-07-27 CVE-2017-12173 Improper Input Validation vulnerability in multiple products
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection.
network
low complexity
redhat fedoraproject CWE-20
4.0
4.0