Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-17 | CVE-2017-13079 | Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. | 5.3 |
| 2017-10-17 | CVE-2017-13078 | Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. | 5.3 |
| 2017-10-17 | CVE-2017-13077 | Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | 6.8 |
| 2017-10-16 | CVE-2014-0029 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.0.0 Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.1 |
| 2017-10-03 | CVE-2017-14494 | Information Exposure vulnerability in multiple products dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | 5.9 |
| 2017-09-29 | CVE-2017-7554 | Cross-site Scripting vulnerability in Redhat Mobile Application Platform 4.4 It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. | 6.1 |
| 2017-09-29 | CVE-2017-7553 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Mobile Application Platform 4.0/4.4/4.4.3 The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). | 6.3 |
| 2017-09-25 | CVE-2015-5181 | Cross-site Scripting vulnerability in Redhat Jboss A-Mq The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | 5.4 |
| 2017-09-20 | CVE-2015-5248 | Improper Input Validation vulnerability in Redhat Feedhenry Enterprise Mobile Application Platform Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. | 6.5 |
| 2017-09-19 | CVE-2015-1849 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. | 5.9 |