Latest Red Hat Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-11-27 CVE-2020-25708 Divide By Zero vulnerability in multiple products
A divide by zero issue was found to occur in libvncserver-0.9.12.
5.0
2020-11-26 CVE-2020-25651 Race Condition vulnerability in multiple products
A flaw was found in the SPICE file transfer protocol.
3.3
2020-11-26 CVE-2020-25652 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`.
4.9
2020-11-26 CVE-2020-25653 Race Condition vulnerability in multiple products
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections.
5.4
2020-11-24 CVE-2020-25640 Information Exposure Through Log Files vulnerability in Red Hat WildFly
A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain-text JMS password at warning level on connection error, inserting sensitive information in the log file.
network
low complexity
redhat CWE-532
5.0
2020-11-24 CVE-2020-10762 Information Exposure Through Log Files vulnerability in Red Hat Gluster-Block
An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations.
local
low complexity
redhat CWE-532
2.1
2020-11-24 CVE-2020-10763 Information Exposure Through Log Files vulnerability in multiple products
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information.
2.1
2020-11-17 CVE-2020-10776 Cross-Site Scripting vulnerability in Red Hat Keycloak
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter.
3.5
2020-11-17 CVE-2020-14389 Improper Privilege Management vulnerability in Red Hat Keycloak
It was found that Keycloak before version 12.0.0 would permit a user with only the view-profile role to manage the resources in the new account console, allowing access to and modification of data the user was not intended to have.
network
low complexity
redhat CWE-269
5.5
2020-11-17 CVE-2020-25705 Use of Insufficiently Random Values vulnerability in multiple products
A flaw was found in the way the Linux kernel limits ICMP reply packets, which allows open UDP ports to be scanned quickly.
network
low complexity
linux redhat CWE-330
6.4