Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-27 | CVE-2017-2625 | It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. | 5.5 |
| 2018-07-27 | CVE-2017-2623 | Improper Certificate Validation vulnerability in multiple products It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. | 5.3 |
| 2018-07-27 | CVE-2017-2621 | An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. | 5.5 |
| 2018-07-27 | CVE-2017-2614 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Redhat Enterprise Virtualization 4.0 When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. | 6.3 |
| 2018-07-27 | CVE-2017-2590 | Permission Issues vulnerability in multiple products A vulnerability was found in ipa before 4.4. | 8.1 |
| 2018-07-27 | CVE-2016-9595 | Link Following vulnerability in multiple products A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. | 5.5 |
| 2018-07-27 | CVE-2017-15119 | Resource Exhaustion vulnerability in multiple products The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. | 8.6 |
| 2018-07-27 | CVE-2017-15113 | Information Exposure Through Log Files vulnerability in multiple products ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. | 6.6 |
| 2018-07-27 | CVE-2017-12173 | Improper Input Validation vulnerability in multiple products It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. | 8.8 |
| 2018-07-27 | CVE-2017-12148 | Improper Input Validation vulnerability in Redhat Ansible Tower and Cloudforms A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. | 7.2 |