Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-2616 Race Condition vulnerability in multiple products
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes.
local
high complexity
util-linux-project redhat debian CWE-362
4.7
4.7
2018-07-27 CVE-2018-10882 A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
linux debian canonical redhat
5.5
5.5
2018-07-27 CVE-2017-7463 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload.
network
low complexity
redhat CWE-79
6.1
6.1
2018-07-27 CVE-2017-2674 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central.
network
low complexity
redhat CWE-79
5.4
5.4
2018-07-27 CVE-2017-2658 Unspecified vulnerability in Redhat products
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests.
network
low complexity
redhat
6.5
6.5
2018-07-27 CVE-2017-2653 Improper Input Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests.
network
low complexity
redhat CWE-20
6.5
6.5
2018-07-27 CVE-2017-2625 It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys.
local
low complexity
x-org redhat
5.5
5.5
2018-07-27 CVE-2017-2623 Improper Certificate Validation vulnerability in multiple products
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering.
network
high complexity
rpm-ostree redhat CWE-295
5.3
5.3
2018-07-27 CVE-2017-2621 An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable.
local
low complexity
redhat openstack
5.5
5.5
2018-07-27 CVE-2017-2614 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Redhat Enterprise Virtualization 4.0
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired.
local
low complexity
redhat CWE-640
6.3
6.3