Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-04 | CVE-2018-10914 | It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. | 6.5 |
| 2018-09-04 | CVE-2018-10913 | An information disclosure vulnerability was discovered in glusterfs server. | 6.5 |
| 2018-09-04 | CVE-2018-14627 | Cleartext Transmission of Sensitive Information vulnerability in Redhat Wildfly The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. | 5.9 |
| 2018-09-04 | CVE-2018-16435 | Integer Overflow or Wraparound vulnerability in multiple products Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | 5.5 |
| 2018-08-29 | CVE-2018-12824 | Out-of-bounds Read vulnerability in multiple products Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. | 5.9 |
| 2018-08-29 | CVE-2018-16062 | Out-of-bounds Read vulnerability in multiple products dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 5.5 |
| 2018-08-28 | CVE-2017-15429 | Cross-site Scripting vulnerability in multiple products Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 6.1 |
| 2018-08-28 | CVE-2017-15396 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2018-08-28 | CVE-2017-15427 | Cross-site Scripting vulnerability in multiple products Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. | 6.1 |
| 2018-08-28 | CVE-2017-15426 | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |