Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-26 | CVE-2017-7545 | XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm. It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. | 6.5 |
2018-07-26 | CVE-2017-7538 | Cross-site Scripting vulnerability in Redhat Satellite. A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. | 5.4 |
2018-07-26 | CVE-2018-1288 | In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. | 5.4 |
2018-07-26 | CVE-2017-7543 | Race Condition vulnerability in multiple products. A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. | 5.9 |
2018-07-26 | CVE-2017-2664 | Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine. CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. | 6.5 |
2018-07-26 | CVE-2016-8647 | Improper Input Validation vulnerability in Redhat Ansible Engine. An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. | 4.9 |
2018-07-25 | CVE-2018-13988 | Out-of-bounds Read vulnerability in multiple products. Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. | 6.5 |
2018-07-25 | CVE-2018-1002200 | Path Traversal vulnerability in multiple products. plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. | 5.5 |
2018-07-25 | CVE-2018-10880 | Out-of-bounds Write vulnerability in multiple products. Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). | 5.5 |
2018-07-23 | CVE-2018-10912 | Infinite Loop vulnerability in Redhat Keycloak. Keycloak before version 4.0.0.final is vulnerable to an infinite loop in session replacement. | 4.9 |