Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2021-02-11 CVE-2021-20188 Incorrect Authorization vulnerability in multiple products
A flaw was found in podman before 1.7.0.
6.9
2021-02-11 CVE-2020-1717 Information Exposure Through an Error Message vulnerability in Redhat products
A flaw was found in Keycloak 7.0.1.
network
low complexity
redhat CWE-209
4.0
2021-01-29 CVE-2019-25014 Null Pointer Dereference vulnerability in multiple products
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0.
network
low complexity
istio redhat CWE-476
4.0
2021-01-28 CVE-2020-1725 Exposure of Resource to Wrong Sphere vulnerability in Redhat Keycloak
A flaw was found in keycloak before version 13.0.0.
network
low complexity
redhat CWE-668
5.5
2021-01-28 CVE-2020-1723 Open Redirect vulnerability in Redhat Mobile Application Platform 4.0
The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages.
network
redhat CWE-601
4.3
2021-01-26 CVE-2020-35513 Privilege Dropping / Lowering Errors vulnerability in multiple products
A flaw involving an incorrect umask during file or directory modification was found in the Linux kernel NFS (network file system) functionality, in the way a user creates and deletes objects using NFSv4.2 or newer while another process that is not using NFSv4.2 simultaneously accesses the NFS.
network
low complexity
linux redhat CWE-271
4.0
2021-01-12 CVE-2020-14341 Covert Timing Channel vulnerability in Redhat Single Sign-On
The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation.
network
low complexity
redhat CWE-385
4.0
2021-01-08 CVE-2020-25678 Cleartext Storage of Sensitive Information vulnerability in Redhat Ceph
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text.
network
low complexity
redhat CWE-312
4.0
2021-01-07 CVE-2020-25680 Improper Certificate Validation vulnerability in Redhat Jboss Core Services Httpd 2.4.37
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate whose keystore file ID is 'unknown'.
network
low complexity
redhat CWE-295
5.5
2021-01-04 CVE-2020-35507 Null Pointer Dereference vulnerability in multiple products
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference.
4.3