Vulnerabilities > Redhat > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-03-19 CVE-2019-10200 Improper Access Control vulnerability in Redhat Openshift Container Platform 4.0
A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes.
network
low complexity
redhat CWE-284
critical
 9.0
9.0
2021-03-19 CVE-2019-10196 Improper Initialization vulnerability in multiple products
A flaw was found in http-proxy-agent, prior to version 2.1.0.
network
low complexity
http-proxy-agent-project fedoraproject redhat CWE-665
critical
 9.0
9.0
2021-03-12 CVE-2021-20231 Use After Free vulnerability in multiple products
A flaw was found in gnutls.
network
low complexity
gnu redhat fedoraproject netapp CWE-416
critical
 9.8
9.8
2021-03-12 CVE-2021-20232 Use After Free vulnerability in multiple products
A flaw was found in gnutls.
network
low complexity
gnu redhat fedoraproject CWE-416
critical
 9.8
9.8
2020-12-21 CVE-2020-27846 Misinterpretation of Input vulnerability in multiple products
A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject CWE-115
critical
 9.8
9.8
2020-10-27 CVE-2019-8846 Use After Free vulnerability in multiple products
A use after free issue was addressed with improved memory management.
network
apple redhat CWE-416
critical
 9.3
9.3
2020-10-27 CVE-2019-8835 Out-of-bounds Write vulnerability in multiple products
Multiple memory corruption issues were addressed with improved memory handling.
network
apple redhat CWE-787
critical
 9.3
9.3
2020-10-27 CVE-2019-8844 Out-of-bounds Write vulnerability in multiple products
Multiple memory corruption issues were addressed with improved memory handling.
network
apple redhat CWE-787
critical
 9.3
9.3
2020-04-28 CVE-2020-1745 Unspecified vulnerability in Redhat Undertow
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final.
network
low complexity
redhat
critical
 9.8
9.8
2020-03-02 CVE-2019-14892 Deserialization of Untrusted Data vulnerability in multiple products
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes.
network
low complexity
fasterxml redhat apache CWE-502
critical
 9.8
9.8