Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-27 | CVE-2017-2646 | Infinite Loop vulnerability in Redhat Keycloak It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. | 7.5 |
| 2018-07-27 | CVE-2017-2640 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. | 9.8 |
| 2018-07-27 | CVE-2017-2625 | It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. | 5.5 |
| 2018-07-27 | CVE-2017-2623 | Improper Certificate Validation vulnerability in multiple products It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. | 5.3 |
| 2018-07-27 | CVE-2017-2621 | An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. | 5.5 |
| 2018-07-27 | CVE-2017-2614 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Redhat Enterprise Virtualization 4.0 When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. | 6.3 |
| 2018-07-27 | CVE-2017-2590 | Permission Issues vulnerability in multiple products A vulnerability was found in ipa before 4.4. | 8.1 |
| 2018-07-27 | CVE-2016-9595 | Link Following vulnerability in multiple products A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. | 5.5 |
| 2018-07-27 | CVE-2017-15119 | Resource Exhaustion vulnerability in multiple products The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. | 8.6 |
| 2018-07-27 | CVE-2017-15113 | Information Exposure Through Log Files vulnerability in multiple products ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. | 6.6 |