Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-29 | CVE-2017-7553 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Mobile Application Platform 4.0/4.4/4.4.3 The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). | 6.3 |
| 2017-09-25 | CVE-2015-5181 | Cross-site Scripting vulnerability in Redhat Jboss A-Mq The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | 5.4 |
| 2017-09-20 | CVE-2015-5248 | Improper Input Validation vulnerability in Redhat Feedhenry Enterprise Mobile Application Platform Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. | 6.5 |
| 2017-09-19 | CVE-2015-1849 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. | 5.9 |
| 2017-09-19 | CVE-2015-7837 | 7PK - Security Features vulnerability in Redhat products The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. | 5.5 |
| 2017-09-14 | CVE-2015-7553 | Race Condition vulnerability in Redhat Enterprise Linux, Enterprise MRG and Kernel-Rt Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. | 4.7 |
| 2017-09-13 | CVE-2017-7560 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Rhnsd It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | 5.5 |
| 2017-09-06 | CVE-2015-3163 | Improper Access Control vulnerability in Redhat Beaker The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively. | 4.3 |
| 2017-08-28 | CVE-2014-8163 | Path Traversal vulnerability in Redhat Satellite 5.0 Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | 6.5 |
| 2017-08-28 | CVE-2014-8168 | Improper Access Control vulnerability in Redhat Satellite 6.0 Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | 6.1 |