Vulnerabilities > Redhat

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-26 | CVE-2017-7562 | An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. | network; low complexity; redhat mit; 6.5 |
| 2018-07-26 | CVE-2017-7545 | XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm. It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. | network; low complexity; redhat CWE-611; 6.5 |
| 2018-07-26 | CVE-2017-7538 | Cross-site Scripting vulnerability in Redhat Satellite. A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. | network; low complexity; redhat CWE-79; 5.4 |
| 2018-07-26 | CVE-2017-2589 | It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. | network; low complexity; redhat hawt; critical; 9.0 |
| 2018-07-26 | CVE-2018-1288 | In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. | network; low complexity; apache redhat oracle; 5.4 |
| 2018-07-26 | CVE-2017-7543 | A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. | network; high complexity; openstack redhat; 5.9 |
| 2018-07-26 | CVE-2017-7539 | An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. | network; low complexity; qemu redhat; 7.5 |
| 2018-07-26 | CVE-2017-2664 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine. CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. | network; low complexity; redhat; 6.5 |
| 2018-07-26 | CVE-2016-8647 | Unspecified vulnerability in Redhat Ansible Engine. An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. | network; low complexity; redhat; 4.9 |
| 2018-07-26 | CVE-2017-7537 | It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. | network; low complexity; redhat dogtagpki; 7.5 |