Latest Redhat Security Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-27 | CVE-2020-25708 | Divide BY Zero vulnerability in multiple products A divide by zero issue was found to occur in libvncserver-0.9.12. | |
| 2020-11-26 | CVE-2020-25651 | Race Condition vulnerability in multiple products A flaw was found in the SPICE file transfer protocol. | |
| 2020-11-26 | CVE-2020-25652 | Allocation of Resources Without Limits OR Throttling vulnerability in multiple products A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. | |
| 2020-11-26 | CVE-2020-25653 | Race Condition vulnerability in multiple products A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. | |
| 2020-11-24 | CVE-2020-25640 | Information Exposure Through LOG Files vulnerability in Redhat Wildfly A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. | |
| 2020-11-24 | CVE-2020-10762 | Information Exposure Through LOG Files vulnerability in Redhat Gluster-Block An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. | |
| 2020-11-24 | CVE-2020-10763 | Information Exposure Through LOG Files vulnerability in multiple products An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. | |
| 2020-11-17 | CVE-2020-10776 | Cross-Site Scripting vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. | |
| 2020-11-17 | CVE-2020-14389 | Improper Privilege Management vulnerability in Redhat Keycloak It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. | |
| 2020-11-17 | CVE-2020-25705 | USE of Insufficiently Random Values vulnerability in multiple products A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. |