Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2018-10866 | Missing Authorization vulnerability in Redhat Certification 7.0 It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him. | 9.1 |
| 2021-05-26 | CVE-2018-10867 | Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0 Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. | 9.1 |
| 2021-05-26 | CVE-2018-10868 | XML Entity Expansion vulnerability in Redhat Certification 7.0 redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host. | 7.5 |
| 2021-05-26 | CVE-2019-14836 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat 3Scale 2.4 A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. | 8.8 |
| 2021-05-26 | CVE-2021-20178 | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. | 5.5 |
| 2021-05-24 | CVE-2021-3559 | A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. | 6.5 |
| 2021-05-21 | CVE-2018-25009 | Out-of-bounds Read vulnerability in multiple products A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | 9.1 |
| 2021-05-21 | CVE-2018-25010 | Out-of-bounds Read vulnerability in multiple products A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | 9.1 |
| 2021-05-21 | CVE-2018-25011 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | 9.8 |
| 2021-05-21 | CVE-2018-25012 | Out-of-bounds Read vulnerability in multiple products A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | 9.1 |