Vulnerabilities > Redhat > Enterprise Linux > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-07-27 | CVE-2017-2625 | Insufficient Entropy vulnerability in multiple products | It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. | 5.5 |
2018-07-27 | CVE-2017-2623 | Improper Certificate Validation vulnerability in multiple products | It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. | 4.3 |
2018-07-27 | CVE-2017-2590 | Permission Issues vulnerability in multiple products | A vulnerability was found in ipa before 4.4. | 5.5 |
2018-07-27 | CVE-2017-2670 | Infinite Loop vulnerability in multiple products | It was found in Undertow before 1.3.28 that, after a non-clean TCP close, the WebSocket server enters an infinite loop on every IO thread, effectively causing a DoS. | 5.0 |
2018-07-27 | CVE-2017-2595 | Path Traversal vulnerability in Red Hat JBoss Enterprise Application Platform | It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows an authenticated user to read arbitrary files via path traversal. | 4.0 |
2018-07-27 | CVE-2018-10862 | Path Traversal vulnerability in Red Hat products | WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. | 4.9 |
2018-07-27 | CVE-2017-2666 | HTTP Request Smuggling vulnerability in multiple products | It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. | 6.4 |
2018-07-27 | CVE-2017-12151 | Cryptographic Issues vulnerability in multiple products | A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. | 5.8 |
2018-07-26 | CVE-2017-2582 | Information Exposure vulnerability in Red Hat JBoss Enterprise Application Platform and Keycloak | It was found that, while parsing SAML messages, the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system properties. | 4.0 |
2018-07-26 | CVE-2017-12171 | Improper Access Control vulnerability in multiple products | A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. | 6.5 |