Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-07-27 | CVE-2017-2666 | HTTP Request Smuggling vulnerability in multiple products | It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. | 6.5 |
2018-07-27 | CVE-2017-2622 | Files or Directories Accessible to External Parties vulnerability in Redhat Openstack 10 | An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. | 5.5 |
2018-07-26 | CVE-2017-18344 | Out-of-bounds Read vulnerability in multiple products | The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). | 5.5 |
2018-07-26 | CVE-2018-10881 | Out-of-bounds Write vulnerability in multiple products | A flaw was found in the Linux kernel's ext4 filesystem. | 5.5 |
2018-07-26 | CVE-2017-2582 | Information Exposure vulnerability in Redhat Keycloak | It was found that while parsing the SAML messages the StaxParserUtil class of Keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. | 6.5 |
2018-07-26 | CVE-2017-12175 | Cross-site Scripting vulnerability in Redhat Satellite | Red Hat Satellite before 6.5 is vulnerable to an XSS in discovery rule when you are entering filter and you use autocomplete functionality. | 5.4 |
2018-07-26 | CVE-2017-12171 | Improper Access Control vulnerability in multiple products | A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. | 6.5 |
2018-07-26 | CVE-2017-12167 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform | It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. | 5.5 |
2018-07-26 | CVE-2017-7509 | Improper Input Validation vulnerability in Redhat Certificate System | An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. | 6.5 |
2018-07-26 | CVE-2017-7562 | Improper Certificate Validation vulnerability in multiple products | An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. | 6.5 |