Vulnerabilities > Redhat

DATE        CVE             VULNERABILITY TITLE  (each entry: description; attack vector, complexity, affected products, CWE; RISK)
2018-03-13  CVE-2018-7750   Improper Authentication vulnerability in multiple products
  transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open.
  Attack vector: network; complexity: low; affected: paramiko, redhat, debian; CWE-287
  Risk: critical (score 9.8)
2018-03-13  CVE-2018-1050   NULL Pointer Dereference vulnerability in multiple products
  All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon.
  Risk: score 4.3
2018-03-13  CVE-2018-1000095  Cross-site Scripting vulnerability in Redhat Ovirt-Engine
  oVirt versions 4.2.0 to 4.2.2 contain a Cross Site Scripting (XSS) vulnerability in the VM name/description portion of the web admin application.
  Attack vector: network; complexity: low; affected: redhat; CWE-79
  Risk: score 4.8
2018-03-12  CVE-2018-7858   Out-of-bounds Read vulnerability in multiple products
  Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
  Attack vector: local; complexity: low; affected: qemu, opensuse, redhat, canonical; CWE-125
  Risk: score 5.5
2018-03-12  CVE-2017-2667   Improper Certificate Validation vulnerability in multiple products
  Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings, which disables it by default.
  Attack vector: network; complexity: high; affected: theforeman, redhat; CWE-295
  Risk: score 8.1
2018-03-12  CVE-2017-2619   Link Following vulnerability in multiple products
  Samba before versions 4.6.1, 4.5.7 and 4.4.11 is vulnerable to a malicious client using a symlink race to gain access to areas of the server file system not exported under the share definition.
  Attack vector: network; complexity: high; affected: samba, redhat, debian; CWE-59
  Risk: score 7.5
2018-03-12  CVE-2017-2585   Information Exposure vulnerability in Redhat Keycloak
  Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.
  Attack vector: network; complexity: high; affected: redhat; CWE-200
  Risk: score 5.9
2018-03-12  CVE-2016-9600   NULL Pointer Dereference vulnerability in multiple products
  JasPer before version 2.0.10 contains a null pointer dereference in the decoding of JPEG 2000 image files.
  Attack vector: network; complexity: low; affected: jasper-project, canonical, redhat; CWE-476
  Risk: score 6.5
2018-03-12  CVE-2016-9589   Resource Exhaustion vulnerability in Redhat Jboss Wildfly Application Server
  Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service.
  Attack vector: network; complexity: low; affected: redhat; CWE-400
  Risk: score 7.5
2018-03-12  CVE-2016-8629   Permissions, Privileges, and Access Controls vulnerability in Redhat Keycloak
  Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server.
  Attack vector: network; complexity: low; affected: redhat; CWE-264
  Risk: score 6.5