Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-20 | CVE-2015-5160 | Information Exposure vulnerability in multiple products libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. | 5.5 |
| 2018-08-17 | CVE-2018-15473 | Race Condition vulnerability in multiple products OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 5.3 |
| 2018-08-16 | CVE-2016-9598 | Out-of-bounds Read vulnerability in multiple products libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. | 6.5 |
| 2018-08-16 | CVE-2016-9596 | Resource Exhaustion vulnerability in multiple products libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. | 6.5 |
| 2018-08-13 | CVE-2018-10864 | Resource Exhaustion vulnerability in Redhat Certification An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. | 6.2 |
| 2018-08-13 | CVE-2017-15138 | Information Exposure vulnerability in Redhat Openshift Container Platform 3.9 The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | 5.0 |
| 2018-08-09 | CVE-2018-10908 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. | 6.3 |
| 2018-08-01 | CVE-2018-10894 | Improper Certificate Validation vulnerability in Redhat Keycloak and Single Sign-On It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. | 5.4 |
| 2018-08-01 | CVE-2016-8653 | Deserialization of Untrusted Data vulnerability in Redhat Jboss A-Mq and Jboss Fuse It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. | 5.3 |
| 2018-08-01 | CVE-2016-8608 | Cross-site Scripting vulnerability in Redhat products JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. | 5.4 |