Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2021-06-02 CVE-2020-10743 Improperly Implemented Security Check for Standard vulnerability in multiple products
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests.
4.3
2021-06-01 CVE-2021-3425 Information Exposure Through Log Files vulnerability in Redhat Jboss A-Mq 7
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords, when provided, in the AMQ Broker application log file when the JDBC persistence functionality is used.
local
low complexity
redhat CWE-532
2.1
2021-06-01 CVE-2021-3424 Improper Authentication vulnerability in Redhat Single Sign-On 7.4
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible.
network
low complexity
redhat CWE-287
5.0
2021-06-01 CVE-2021-20306 Incorrect Authorization vulnerability in Redhat Decision Manager, Jbpm and Process Automation
A flaw was found in the BPMN editor in version jBPM 7.51.0.Final.
network
low complexity
redhat CWE-863
4.0
2021-06-01 CVE-2021-32027 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22.
network
low complexity
postgresql redhat CWE-190
6.5
2021-06-01 CVE-2021-3412 Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat 3Scale and 3Scale API Management
It was found that all versions of 3Scale developer portal lacked brute force protections.
network
low complexity
redhat CWE-307
5.0
2021-06-01 CVE-2021-3495 Improper Preservation of Permissions vulnerability in multiple products
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7.
network
low complexity
netlify redhat CWE-281
6.5
2021-06-01 CVE-2021-3516 Use After Free vulnerability in multiple products
There's a flaw in libxml2's xmllint in versions before 2.9.11.
6.8
2021-06-01 CVE-2021-3543 Use After Free vulnerability in multiple products
A null pointer dereference flaw was found in the Nitro Enclaves kernel driver in the way that Enclaves VMs force closures on the enclave file descriptor.
7.2
2021-05-28 CVE-2021-20267 Insufficient Verification of Data Authenticity vulnerability in multiple products
A flaw was found in openstack-neutron's default Open vSwitch firewall rules.
network
low complexity
openstack redhat CWE-345
5.5