Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-27 | CVE-2016-9595 | Link Following vulnerability in multiple products A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. | 5.5 |
| 2018-07-27 | CVE-2017-15113 | Information Exposure Through Log Files vulnerability in multiple products ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. | 6.6 |
| 2018-07-27 | CVE-2017-7497 | Unspecified vulnerability in Redhat Cloudforms Management Engine 5.7.2/5.8.0 The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. | 4.3 |
| 2018-07-27 | CVE-2017-2595 | Path Traversal vulnerability in Redhat Jboss Enterprise Application Platform It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. | 6.5 |
| 2018-07-27 | CVE-2017-15125 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. | 5.4 |
| 2018-07-27 | CVE-2017-12195 | Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. | 4.8 |
| 2018-07-27 | CVE-2018-10862 | Path Traversal vulnerability in Redhat products WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. | 5.5 |
| 2018-07-27 | CVE-2017-2666 | HTTP Request Smuggling vulnerability in multiple products It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. | 6.5 |
| 2018-07-27 | CVE-2017-2622 | Unspecified vulnerability in Redhat Openstack 10 An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. | 5.5 |
| 2018-07-26 | CVE-2017-18344 | Out-of-bounds Read vulnerability in multiple products The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). | 5.5 |