| 2018-07-26 | CVE-2017-12175 | Unspecified vulnerability in Redhat Satellite
Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality. | 5.4 |
| 2018-07-26 | CVE-2017-12171 | A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. | 6.5 |
| 2018-07-26 | CVE-2017-12167 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. | 5.5 |
| 2018-07-26 | CVE-2017-7509 | Improper Input Validation vulnerability in Redhat Certificate System
An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. | 6.5 |
| 2018-07-26 | CVE-2017-12163 | An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. | 7.1 |
| 2018-07-26 | CVE-2017-7562 | An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. | 6.5 |
| 2018-07-26 | CVE-2017-7545 | XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm
It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. | 6.5 |
| 2018-07-26 | CVE-2017-7538 | Cross-site Scripting vulnerability in Redhat Satellite
A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. | 5.4 |
| 2018-07-26 | CVE-2017-2589 | It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. | 9.0 |
| 2018-07-26 | CVE-2018-1288 | In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. | 5.4 |