Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-14 | CVE-2017-15127 | Improper Cleanup on Thrown Exception vulnerability in multiple products A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. | 5.5 |
| 2018-01-10 | CVE-2017-7559 | HTTP Request Smuggling vulnerability in Redhat Undertow In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. | 6.1 |
| 2018-01-09 | CVE-2017-15129 | Race Condition vulnerability in multiple products A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. | 4.7 |
| 2018-01-08 | CVE-2014-1859 | Link Following vulnerability in multiple products (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | 5.5 |
| 2017-12-29 | CVE-2016-3695 | Injection vulnerability in multiple products The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | 5.5 |
| 2017-12-20 | CVE-2017-16818 | Reachable Assertion vulnerability in multiple products RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. | 6.5 |
| 2017-12-19 | CVE-2013-6465 | Cross-site Scripting vulnerability in Redhat Jbpm 6.0.0 Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | 5.4 |
| 2017-12-13 | CVE-2017-11305 | A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. | 6.5 |
| 2017-12-11 | CVE-2014-3250 | Improper Certificate Validation vulnerability in multiple products The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | 6.5 |
| 2017-12-07 | CVE-2017-15121 | Improper Input Validation vulnerability in Redhat products A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | 5.5 |