Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-2632 Incorrect Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have.
network
low complexity
redhat CWE-863
4.9
4.9
2018-07-27 CVE-2017-2626 It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys.
local
low complexity
freedesktop redhat
5.5
5.5
2018-07-27 CVE-2017-2618 Off-by-one Error vulnerability in multiple products
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10.
local
low complexity
linux redhat debian CWE-193
5.5
5.5
2018-07-27 CVE-2017-2616 Race Condition vulnerability in multiple products
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes.
local
high complexity
util-linux-project redhat debian CWE-362
4.7
4.7
2018-07-27 CVE-2018-10882 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
linux debian canonical redhat CWE-787
5.5
5.5
2018-07-27 CVE-2017-7463 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload.
network
low complexity
redhat CWE-79
6.1
6.1
2018-07-27 CVE-2017-2674 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central.
network
low complexity
redhat CWE-79
5.4
5.4
2018-07-27 CVE-2017-2658 Improper Input Validation vulnerability in Redhat products
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests.
network
low complexity
redhat CWE-20
6.5
6.5
2018-07-27 CVE-2017-2653 Improper Input Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests.
network
low complexity
redhat CWE-20
6.5
6.5
2018-07-27 CVE-2017-2625 Insufficient Entropy vulnerability in multiple products
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys.
local
low complexity
x-org redhat CWE-331
5.5
5.5