Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-5056 Missing Authorization vulnerability in Redhat Service Interconnect 1.0
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster.
low complexity
redhat CWE-862
4.1
4.1
2023-12-18 CVE-2023-5115 Absolute Path Traversal vulnerability in multiple products
An absolute path traversal attack exists in the Ansible automation platform.
network
low complexity
redhat debian CWE-36
6.3
6.3
2023-12-18 CVE-2023-5236 A flaw was found in Infinispan, which does not detect circular object references when unmarshalling.
network
low complexity
redhat infinispan
6.5
6.5
2023-12-18 CVE-2023-5384 Cleartext Storage of Sensitive Information vulnerability in multiple products
A flaw was found in Infinispan.
network
low complexity
redhat infinispan CWE-312
2.7
2.7
2023-12-14 CVE-2023-6134 Cross-site Scripting vulnerability in Redhat products
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token.
network
low complexity
redhat CWE-79
5.4
5.4
2023-12-14 CVE-2023-6563 Allocation of Resources Without Limits or Throttling vulnerability in Redhat products
An unconstrained memory consumption vulnerability was discovered in Keycloak.
network
low complexity
redhat CWE-770
7.7
7.7
2023-12-13 CVE-2023-6377 Out-of-bounds Read vulnerability in multiple products
A flaw was found in xorg-server.
local
low complexity
redhat debian x-org tigervnc CWE-125
7.8
7.8
2023-12-13 CVE-2023-6478 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in xorg-server.
network
low complexity
x-org redhat debian tigervnc CWE-190
7.5
7.5
2023-12-12 CVE-2023-5379 Allocation of Resources Without Limits or Throttling vulnerability in Redhat products
A flaw was found in Undertow.
network
low complexity
redhat CWE-770
7.5
7.5
2023-12-12 CVE-2023-5764 A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data.
local
low complexity
redhat fedoraproject
7.8
7.8