Red Hat security advisories
7 threat alerts tracking vulnerabilities and security advisories that affect Red Hat products.
Vulnios monitors Red Hat CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Red Hat security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2017-7512 — redhat — 3scale_api_management_platform
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication
Critical Vulnerability: CVE-2016-5411 — redhat — quickstart_cloud_installer, enterprise_linux
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
Critical Vulnerability: CVE-2016-3690 — redhat — jboss_enterprise_application_platform
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.
Critical Vulnerability: CVE-2016-7050 — redhat — enterprise_linux_desktop, enterprise_linux_hpc_node
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote
Critical Vulnerability: CVE-2016-5405 — redhat — enterprise_linux_desktop, enterprise_linux_hpc_node
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstati
Critical Vulnerability: CVE-2017-7503 — redhat — jboss_enterprise_application_platform
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read file
Critical Vulnerability: CVE-2017-7504 — redhat — jboss_enterprise_application_platform
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for
Track Red Hat exposure across your environment
Vulnios automatically cross-references your asset inventory against new Red Hat CVEs and surfaces only what affects you. No more sifting manually: actionable findings only.