Vulnerabilities > Redhat > Process Automation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-16 | CVE-2021-20218 | Path Traversal vulnerability in Redhat products A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. | 5.8 |
| 2020-09-23 | CVE-2020-10714 | Session Fixation vulnerability in multiple products A flaw was found in WildFly Elytron version 1.11.3.Final and before. | 7.5 |
| 2020-09-16 | CVE-2020-1748 | Unspecified vulnerability in Redhat Wildfly Elytron A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. | 5.0 |
| 2020-05-13 | CVE-2020-1714 | Improper Input Validation vulnerability in multiple products A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. | 6.5 |
| 2020-03-02 | CVE-2019-14892 | Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. | 9.8 |
| 2020-01-02 | CVE-2019-14863 | Cross-site Scripting vulnerability in multiple products There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 4.3 |
| 2020-01-02 | CVE-2019-14862 | Cross-site Scripting vulnerability in multiple products There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 4.3 |