Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5061 | Race Condition vulnerability in multiple products A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 5.3 |
| 2017-10-27 | CVE-2017-5060 | Incorrect Authorization vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |
| 2017-10-26 | CVE-2017-12158 | Cross-site Scripting vulnerability in multiple products It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. | 5.4 |
| 2017-10-26 | CVE-2017-15906 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | 5.3 |
| 2017-10-24 | CVE-2013-3734 | Credentials Management vulnerability in Redhat Jboss Application Server 1.2 The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. | 6.6 |
| 2017-10-19 | CVE-2017-10384 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 6.5 |
| 2017-10-19 | CVE-2017-10379 | Incorrect Authorization vulnerability in multiple products Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). | 6.5 |
| 2017-10-19 | CVE-2017-10378 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |
| 2017-10-19 | CVE-2017-10357 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). | 5.3 |
| 2017-10-19 | CVE-2017-10356 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). | 6.2 |