Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-09 CVE-2014-8171 Resource Management Errors vulnerability in multiple products
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
local
low complexity
linux redhat CWE-399
5.5
5.5
2018-02-09 CVE-2017-10690 Improper Privilege Management vulnerability in multiple products
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from.
network
low complexity
puppet redhat CWE-269
6.5
6.5
2018-02-09 CVE-2017-10689 Improper Privilege Management vulnerability in multiple products
In previous versions of Puppet Agent it was possible to install a module with world writable permissions.
local
low complexity
puppet canonical redhat CWE-269
5.5
5.5
2018-01-26 CVE-2018-5750 Information Exposure vulnerability in multiple products
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
local
low complexity
linux debian canonical redhat CWE-200
5.5
5.5
2018-01-24 CVE-2018-1047 Unspecified vulnerability in Redhat products
A flaw was found in Wildfly 9.x.
local
low complexity
redhat
5.5
5.5
2018-01-23 CVE-2018-5683 Out-of-bounds Read vulnerability in multiple products
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
local
low complexity
qemu debian redhat canonical CWE-125
6.0
6.0
2018-01-23 CVE-2018-5950 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
network
low complexity
gnu debian canonical redhat CWE-79
6.1
6.1
2018-01-18 CVE-2017-12197 Improper Input Validation vulnerability in multiple products
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating.
network
low complexity
libpam4j-project redhat debian CWE-20
6.5
6.5
2018-01-18 CVE-2018-2678 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). 4.3
4.3
2018-01-18 CVE-2018-2677 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). 4.3
4.3