Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-2674 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central.
network
low complexity
redhat CWE-79
5.4
2018-07-27 CVE-2017-2658 Unspecified vulnerability in Redhat products
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests.
network
low complexity
redhat
6.5
2018-07-27 CVE-2017-2653 Improper Input Validation vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests.
network
low complexity
redhat CWE-20
6.5
2018-07-27 CVE-2017-2646 Infinite Loop vulnerability in Redhat Keycloak
It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop.
network
low complexity
redhat CWE-835
7.5
2018-07-27 CVE-2017-2640 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content.
network
low complexity
pidgin redhat debian CWE-787
critical
9.8
2018-07-27 CVE-2017-2625 It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys.
local
low complexity
x-org redhat
5.5
2018-07-27 CVE-2017-2623 Improper Certificate Validation vulnerability in multiple products
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering.
network
high complexity
rpm-ostree redhat CWE-295
5.3
2018-07-27 CVE-2017-2621 An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable.
local
low complexity
redhat openstack
5.5
2018-07-27 CVE-2017-2614 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Redhat Enterprise Virtualization 4.0
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired.
local
low complexity
redhat CWE-640
6.3
2018-07-27 CVE-2017-2590 Permission Issues vulnerability in multiple products
A vulnerability was found in ipa before 4.4.
network
low complexity
freeipa redhat CWE-275
8.1