Vulnerabilities in Red Hat, Inc.
73 results (entries truncated in the source listing are marked with …)

CVE-2017-12170 (EPSS 1.5%): Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was …
CVE-2017-7561 (EPSS 1.5%): Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS com…
CVE-2018-1081 (EPSS 1.5%): A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users c…
CVE-2018-1128 (EPSS 1.4%): It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker havi…
CVE-2017-12161 (EPSS 1.4%): It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset reque…
CVE-2018-1051 (EPSS 1.3%): It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible…
CVE-2018-1131 (EPSS 1.3%): Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with au…
CVE-2018-1098 (EPSS 1.3%): A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to…
CVE-2019-3813 (EPSS 1.2%): Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead …
CVE-2016-9585 (EPSS 1.2%): Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passe…
CVE-2017-7515 (EPSS 1.1%): poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
CVE-2017-12158 (EPSS 1.0%): It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker c…
CVE-2017-15136 (EPSS 1.0%): When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previou…
CVE-2017-12191 (EPSS 0.9%): A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access …
CVE-2018-1059 (EPSS 0.9%): The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing …
CVE-2017-7557 (EPSS 0.8%): dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
CVE-2017-7556 (EPSS 0.7%): Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their we…
CVE-2018-1069 (EPSS 0.6%): Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could overr…
CVE-2017-12172 (EPSS 0.6%): PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs…
CVE-2017-7534 (EPSS 0.6%): OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user in…