Vulnerabilities > Redhat
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2021-06-02 | CVE-2020-10743 | Improperly Implemented Security Check for Standard vulnerability in multiple products | It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. | 4.3 |
| 2021-06-01 | CVE-2021-3425 | Information Exposure Through Log Files vulnerability in Redhat Jboss A-Mq 7 | A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the JDBC persistence functionality. | 2.1 |
| 2021-06-01 | CVE-2021-3424 | Improper Authentication vulnerability in Redhat Single Sign-On 7.4 | A flaw was found in Keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. | 5.0 |
| 2021-06-01 | CVE-2021-20306 | Incorrect Authorization vulnerability in Redhat Decision Manager, Jbpm and Process Automation | A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. | 4.0 |
| 2021-06-01 | CVE-2021-32027 | Integer Overflow or Wraparound vulnerability in multiple products | A flaw was found in PostgreSQL in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. | 6.5 |
| 2021-06-01 | CVE-2021-3412 | Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat 3Scale and 3Scale API Management | It was found that all versions of 3Scale developer portal lacked brute force protections. | 5.0 |
| 2021-06-01 | CVE-2021-3495 | Improper Preservation of Permissions vulnerability in multiple products | An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. | 6.5 |
| 2021-06-01 | CVE-2021-3516 | Use After Free vulnerability in multiple products | There's a flaw in libxml2's xmllint in versions before 2.9.11. | 6.8 |
| 2021-06-01 | CVE-2021-3543 | Use After Free vulnerability in multiple products | A null pointer dereference flaw was found in the Nitro Enclaves kernel driver in the way that Enclaves VMs force closures on the enclave file descriptor. | 7.2 |
| 2021-05-28 | CVE-2021-20267 | Insufficient Verification of Data Authenticity vulnerability in multiple products | A flaw was found in openstack-neutron's default Open vSwitch firewall rules. | 5.5 |