Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2021-06-10 CVE-2021-20293 Cross-Site Scripting vulnerability in Redhat Resteasy
A reflected Cross-Site Scripting (XSS) flaw was found in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType.
network
redhat CWE-79
4.3
2021-06-09 CVE-2021-0129 Incorrect Authorization vulnerability in multiple products
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
low complexity
bluez redhat CWE-863
2.7
2021-06-09 CVE-2021-3532 Information Exposure vulnerability in multiple products
A flaw was found in Ansible where secret information present in async_files is disclosed when the user changes the jobdir to a world-readable directory.
4.3
2021-06-09 CVE-2021-3533 Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability in multiple products
A flaw was found in Ansible if an Ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world-writable directory.
local
high complexity
redhat fedoraproject CWE-367
1.2
2021-06-07 CVE-2020-1750 Resource Exhaustion vulnerability in Redhat Machine-Config-Operator
A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory.
network
low complexity
redhat CWE-400
4.0
2021-06-07 CVE-2020-25716 Improper Authorization vulnerability in Redhat Cloudforms
A flaw was found in Cloudforms.
network
low complexity
redhat CWE-285
5.5
2021-06-07 CVE-2020-1690 Improper Authorization vulnerability in Redhat Openstack-Selinux and Openstack Platform
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation.
local
low complexity
redhat CWE-285
4.9
2021-06-07 CVE-2020-1742 Improper Privilege Management vulnerability in multiple products
An insecure modification flaw was found in containers using nmstate/kubernetes-nmstate-handler.
4.4
2021-06-07 CVE-2020-1719 Privilege Context Switching Error vulnerability in Redhat Wildfly
A flaw was found in wildfly.
network
low complexity
redhat CWE-270
5.5
2021-06-04 CVE-2021-3565 Improper Initialization vulnerability in multiple products
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2.
4.3