Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2016-9595 Link Following vulnerability in multiple products
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files.
local
low complexity
theforeman redhat CWE-59
5.5
2018-07-27 CVE-2017-15119 Resource Exhaustion vulnerability in multiple products
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue.
network
low complexity
qemu canonical debian redhat CWE-400
8.6
2018-07-27 CVE-2017-15113 Information Exposure Through Log Files vulnerability in multiple products
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking.
network
high complexity
ovirt redhat CWE-532
6.6
2018-07-27 CVE-2017-12173 Improper Input Validation vulnerability in multiple products
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection.
network
low complexity
redhat fedoraproject CWE-20
8.8
2018-07-27 CVE-2017-12148 Improper Input Validation vulnerability in Redhat Ansible Tower and Cloudforms
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories.
network
low complexity
redhat CWE-20
7.2
2018-07-27 CVE-2017-7497 Unspecified vulnerability in Redhat Cloudforms Management Engine 5.7.2/5.8.0
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user.
network
low complexity
redhat
4.3
2018-07-27 CVE-2017-2670 Infinite Loop vulnerability in multiple products
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
network
low complexity
redhat debian CWE-835
7.5
2018-07-27 CVE-2017-2595 Path Traversal vulnerability in Redhat Jboss Enterprise Application Platform
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
network
low complexity
redhat CWE-22
6.5
2018-07-27 CVE-2017-15125 Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input.
network
low complexity
redhat CWE-79
5.4
2018-07-27 CVE-2017-12195 Unspecified vulnerability in Redhat Openshift Container Platform
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin.
network
high complexity
redhat
4.8