Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2020-14327 Server-Side Request Forgery (SSRF) vulnerability in Redhat Ansible Tower
A server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2.
local
low complexity
redhat CWE-918
2.1
2021-05-27 CVE-2020-14328 Server-Side Request Forgery (SSRF) vulnerability in Redhat Ansible Tower
A flaw was found in Ansible Tower in versions before 3.7.2.
local
low complexity
redhat CWE-918
2.1
2021-05-27 CVE-2020-14329 Information Exposure vulnerability in Redhat Ansible Tower
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint.
local
low complexity
redhat CWE-200
2.1
2021-05-27 CVE-2020-1702 Resource Exhaustion vulnerability in multiple products
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform.
4.3
2021-05-27 CVE-2020-1761 Improperly Implemented Security Check for Standard vulnerability in Redhat Openshift
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage.
network
redhat CWE-358
4.3
2021-05-27 CVE-2020-10688 Cross-Site Scripting vulnerability in Redhat Resteasy
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs.
network
redhat CWE-79
4.3
2021-05-27 CVE-2020-10697 Missing Authorization vulnerability in Redhat Ansible Tower
A flaw was found in Ansible Tower when running Openshift.
local
low complexity
redhat CWE-862
3.6
2021-05-27 CVE-2020-10698 Information Exposure vulnerability in Redhat Ansible Tower
A flaw was found in Ansible Tower when running jobs.
local
low complexity
redhat CWE-200
2.1
2021-05-27 CVE-2020-10701 Missing Authorization vulnerability in Redhat Libvirt
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout.
network
low complexity
redhat CWE-862
4.0
2021-05-27 CVE-2020-10709 Operation on a Resource after Expiration or Release vulnerability in Redhat Ansible Tower
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application.
local
low complexity
redhat CWE-672
3.6