Filtered by vendor Redhat
Subscribe
Total
5605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14302 | 1 Redhat | 1 Keycloak | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks. | |||||
| CVE-2020-14341 | 1 Redhat | 1 Single Sign-on | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
| The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly. | |||||
| CVE-2020-25677 | 2 Ceph, Redhat | 2 Ceph-ansible, Ceph Storage | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-14391 | 2 Gnome, Redhat | 5 Control Center, Enterprise Linux, Enterprise Linux Aus and 2 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-20218 | 1 Redhat | 9 A-mq Online, Build Of Quarkus, Codeready Studio and 6 more | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2 | |||||
| CVE-2020-10687 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on and 1 more | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
| A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. | |||||
| CVE-2020-14366 | 1 Redhat | 1 Keycloak | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw | |||||
| CVE-2020-27775 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-4635 | 2 Ibm, Redhat | 2 Soar, Enterprise Linux | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. | |||||
| CVE-2020-35513 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. | |||||
| CVE-2020-25743 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack Platform | 2024-02-28 | 2.1 LOW | 3.2 LOW |
| hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. | |||||
| CVE-2020-27749 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-25712 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-27771 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
| In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2021-20231 | 4 Fedoraproject, Gnu, Netapp and 1 more | 5 Fedora, Gnutls, Active Iq Unified Manager and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. | |||||
| CVE-2020-10734 | 1 Redhat | 4 Jboss Fuse, Keycloak, Openshift Application Runtimes and 1 more | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable. | |||||
| CVE-2020-25688 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2024-02-28 | 2.7 LOW | 3.5 LOW |
| A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible. | |||||
| CVE-2020-1760 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. | |||||
| CVE-2020-1744 | 1 Redhat | 1 Keycloak | 2024-02-28 | 6.8 MEDIUM | 5.6 MEDIUM |
| A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events. | |||||
| CVE-2020-14331 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | 7.2 HIGH | 6.6 MEDIUM |
| A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||