Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-16 | CVE-2014-0029 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.0.0 | Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.1 |
2017-10-03 | CVE-2017-14494 | Information Exposure vulnerability in multiple products | dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | 5.9 |
2017-09-29 | CVE-2017-7554 | Cross-site Scripting vulnerability in Redhat Mobile Application Platform 4.4 | It was found that the App Studio component of RHMAP 4.4 executes JavaScript provided by a user. | 6.1 |
2017-09-29 | CVE-2017-7553 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Mobile Application Platform 4.0/4.4/4.4.3 | The external_request API call in App Studio (millicore) allows server-side request forgery (SSRF). | 6.3 |
2017-09-25 | CVE-2015-5181 | Cross-site Scripting vulnerability in Redhat Jboss A-Mq | The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | 5.4 |
2017-09-20 | CVE-2015-5248 | Improper Input Validation vulnerability in Redhat Feedhenry Enterprise Mobile Application Platform | Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. | 6.5 |
2017-09-19 | CVE-2015-1849 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform | AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. | 5.9 |
2017-09-19 | CVE-2015-7837 | 7PK - Security Features vulnerability in Redhat products | The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2, when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of the secure_boot flag across kexec reboot. | 5.5 |
2017-09-14 | CVE-2015-7553 | Race Condition vulnerability in Redhat Enterprise Linux, Enterprise MRG and Kernel-Rt | Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. | 4.7 |
2017-09-13 | CVE-2017-7560 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Rhnsd | It was found that rhnsd PID files are created world-writable, which allows local attackers to fill the disks or to kill selected processes. | 5.5 |