Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-22 CVE-2020-10740 Deserialization of Untrusted Data vulnerability in Redhat Wildfly
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in Wildfly.
network
high complexity
redhat CWE-502
7.5
2020-06-22 CVE-2019-14894 OS Command Injection vulnerability in Redhat Cloudforms Management Engine 5.10/5.11
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup.
network
low complexity
redhat CWE-78
7.2
2020-06-09 CVE-2020-10757 Type Confusion vulnerability in multiple products
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.
7.8
2020-05-19 CVE-2020-1695
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response.
network
low complexity
redhat fedoraproject
7.5
2020-05-12 CVE-2020-1718 Improper Authentication vulnerability in Redhat Keycloak
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0.
network
low complexity
redhat CWE-287
8.8
2020-05-08 CVE-2019-14898 Improper Locking vulnerability in multiple products
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10, was not complete.
local
high complexity
linux redhat CWE-667
7.0
2020-05-08 CVE-2019-10170 Unspecified vulnerability in Redhat Keycloak
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy.
network
low complexity
redhat
7.2
2020-05-08 CVE-2019-10169 Unspecified vulnerability in Redhat Keycloak
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy.
network
low complexity
redhat
7.2
2020-04-27 CVE-2020-1762 Session Fixation vulnerability in multiple products
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.
network
low complexity
kiali redhat CWE-384
8.6
2020-04-22 CVE-2020-10712 Information Exposure Through Log Files vulnerability in Redhat Openshift Container Platform
A flaw was found in OpenShift Container Platform version 4.1 and later.
network
low complexity
redhat CWE-532
8.2