Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-11 | CVE-2021-20188 | Incorrect Authorization vulnerability in multiple products A flaw was found in podman before 1.7.0. | 6.9 |
| 2021-02-11 | CVE-2020-1717 | Information Exposure Through AN Error Message vulnerability in Redhat products A flaw was found in Keycloak 7.0.1. | 4.0 |
| 2021-01-29 | CVE-2019-25014 | Null Pointer Dereference vulnerability in multiple products A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. | 4.0 |
| 2021-01-28 | CVE-2020-1725 | Exposure of Resource TO Wrong Sphere vulnerability in Redhat Keycloak A flaw was found in keycloak before version 13.0.0. | 5.5 |
| 2021-01-28 | CVE-2020-1723 | Open Redirect vulnerability in Redhat Mobile Application Platform 4.0 The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. | 4.3 |
| 2021-01-26 | CVE-2020-35513 | Privilege Dropping / Lowering Errors vulnerability in multiple products A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. | 4.0 |
| 2021-01-12 | CVE-2020-14341 | Covert Timing Channel vulnerability in Redhat Single Sign-On The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. | 4.0 |
| 2021-01-08 | CVE-2020-25678 | Cleartext Storage of Sensitive Information vulnerability in Redhat Ceph A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. | 4.0 |
| 2021-01-07 | CVE-2020-25680 | Improper Certificate Validation vulnerability in Redhat Jboss Core Services Httpd 2.4.37 A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. | 5.5 |
| 2021-01-04 | CVE-2020-35507 | Null Pointer Dereference vulnerability in multiple products There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. | 4.3 |