Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-13 CVE-2018-14658 Open Redirect vulnerability in Redhat Keycloak 3.2.1
A flaw was found in JBOSS Keycloak 3.2.1.Final.
network
low complexity
redhat CWE-601
6.1
6.1
2018-11-13 CVE-2018-14655 Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final.
network
low complexity
redhat CWE-79
5.4
5.4
2018-11-12 CVE-2018-19208 NULL Pointer Dereference vulnerability in multiple products
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack.
network
low complexity
libwpd-project redhat suse CWE-476
6.5
6.5
2018-11-09 CVE-2018-19139 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue has been found in JasPer 2.0.14.
local
low complexity
jasper-project redhat debian CWE-772
5.5
5.5
2018-11-08 CVE-2018-19108 Infinite Loop vulnerability in multiple products
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
network
low complexity
exiv2 debian redhat canonical CWE-835
6.5
6.5
2018-11-08 CVE-2018-19107 Integer Overflow or Wraparound vulnerability in multiple products
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
network
low complexity
exiv2 debian redhat canonical CWE-190
6.5
6.5
2018-11-07 CVE-2018-19058 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop canonical debian redhat CWE-670
6.5
6.5
2018-11-02 CVE-2018-18897 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop debian canonical redhat CWE-772
6.5
6.5
2018-11-01 CVE-2018-14660 A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr.
network
low complexity
gluster redhat debian
6.5
6.5
2018-10-31 CVE-2018-14661 Improper Input Validation vulnerability in multiple products
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack.
network
low complexity
gluster debian redhat CWE-20
6.5
6.5