Vulnerabilities in Red Hat, Inc.

73 results (the 20 entries below are sorted by EPSS score, highest first; descriptions are truncated as on the original page)
CVE-2017-7474 (EPSS 2.5%): It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass…

CVE-2018-1104 (EPSS 2.5%): Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute…

CVE-2017-12159 (EPSS 2.4%): It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain ac…

CVE-2018-1102 (EPSS 2.4%): A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTa…

CVE-2017-7480 (EPSS 2.3%): rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remot…

CVE-2018-1082 (EPSS 2.1%): A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later…

CVE-2017-15087 (EPSS 2.1%): It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHE…

CVE-2017-2585 (EPSS 2.1%): Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant…

CVE-2018-1101 (EPSS 2.0%): Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalati…

CVE-2017-7503 (EPSS 2.0%): It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker cou…

CVE-2016-8629 (EPSS 2.0%): Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the r…

CVE-2018-1129 (EPSS 1.9%): A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster ne…

CVE-2017-12160 (EPSS 1.9%): It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication serve…

CVE-2017-7475 (EPSS 1.8%): Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an applicatio…

CVE-2017-15086 (EPSS 1.7%): It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHE…

CVE-2017-15085 (EPSS 1.7%): It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHE…

CVE-2017-7559 (EPSS 1.7%): In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 w…

CVE-2017-7540 (EPSS 1.6%): rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. …

CVE-2018-1048 (EPSS 1.6%): It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allo…

CVE-2017-12197 (EPSS 1.5%): It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password…