Latest Redhat Security Vulnerabilities
|2020-11-27||CVE-2020-25708|| Divide By Zero vulnerability in multiple products |
A divide by zero issue was found to occur in libvncserver-0.9.12.
|2020-11-26||CVE-2020-25651|| Race Condition vulnerability in multiple products |
A flaw was found in the SPICE file transfer protocol.
|2020-11-26||CVE-2020-25652|| Allocation of Resources Without Limits or Throttling vulnerability in multiple products |
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`.
|2020-11-26||CVE-2020-25653|| Race Condition vulnerability in multiple products |
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections.
|2020-11-24||CVE-2020-25640|| Information Exposure Through Log Files vulnerability in Redhat Wildfly |
A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain-text JMS password at warning level on a connection error, inserting sensitive information in the log file.
|2020-11-24||CVE-2020-10762|| Information Exposure Through Log Files vulnerability in Redhat Gluster-Block |
An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations.
|2020-11-24||CVE-2020-10763|| Information Exposure Through Log Files vulnerability in multiple products |
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information.
|2020-11-17||CVE-2020-10776|| Cross-Site Scripting vulnerability in Redhat Keycloak |
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter.
|2020-11-17||CVE-2020-14389|| Improper Privilege Management vulnerability in Redhat Keycloak |
It was found that Keycloak before version 12.0.0 would permit a user with only the view-profile role to manage the resources in the new account console, allowing access to and modification of data the user was not intended to have.
|2020-11-17||CVE-2020-25705|| Use of Insufficiently Random Values vulnerability in multiple products |
A flaw was found in the way the Linux kernel limits ICMP reply packets, which allows open UDP ports to be scanned quickly.