Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-16 | CVE-2016-9596 | Resource Exhaustion vulnerability in multiple products libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. | 6.5 |
| 2018-08-13 | CVE-2018-10864 | Unspecified vulnerability in Redhat Certification An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. | 6.2 |
| 2018-08-13 | CVE-2017-15138 | Information Exposure vulnerability in Redhat Openshift Container Platform 3.9 The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | 5.0 |
| 2018-08-09 | CVE-2018-10908 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. | 6.3 |
| 2018-08-01 | CVE-2018-10894 | Improper Certificate Validation vulnerability in Redhat Keycloak and Single Sign-On It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. | 5.4 |
| 2018-08-01 | CVE-2016-8653 | Unspecified vulnerability in Redhat Jboss A-Mq and Jboss Fuse It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. | 5.3 |
| 2018-08-01 | CVE-2016-8608 | Unspecified vulnerability in Redhat products JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. | 5.4 |
| 2018-08-01 | CVE-2016-8639 | Cross-site Scripting vulnerability in multiple products It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. | 5.4 |
| 2018-08-01 | CVE-2016-8635 | It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. | 5.9 |
| 2018-07-31 | CVE-2016-8626 | Improper Input Validation vulnerability in Redhat products A flaw was found in Red Hat Ceph before 0.94.9-8. | 6.5 |