Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-11 CVE-2014-0087 Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms Management Engine
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action.
network
low complexity
redhat CWE-264
8.8
2018-01-10 CVE-2017-12189 Unspecified vulnerability in Redhat products
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation.
local
low complexity
redhat
7.8
2018-01-10 CVE-2017-7536 Unsafe Reflection vulnerability in Redhat products
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur.
local
high complexity
redhat CWE-470
7.0
2018-01-09 CVE-2018-4871 Out-of-bounds Read vulnerability in multiple products
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137.
network
low complexity
redhat adobe CWE-125
7.5
2018-01-09 CVE-2017-15131 It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy.
local
low complexity
freedesktop redhat
7.8
2018-01-08 CVE-2013-4364 Link Following vulnerability in Redhat Openshift 1.0/2.0
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
local
low complexity
redhat CWE-59
7.8
2017-12-29 CVE-2014-8119 Improper Input Validation vulnerability in multiple products
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
network
low complexity
redhat fedoraproject netcf-project CWE-20
7.5
2017-12-29 CVE-2014-0120 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f".
network
low complexity
hawt redhat CWE-352
8.8
2017-12-18 CVE-2017-15104 An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable.
local
low complexity
heketi-project redhat
7.8
2017-12-18 CVE-2017-15103 A security-check flaw was found in the way the Heketi 5 server API handled user requests.
network
low complexity
heketi-project redhat
8.8