Vulnerabilities > Redhat > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-06 | CVE-2020-15115 | etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. | 7.5 |
| 2020-07-31 | CVE-2020-14334 | Unspecified vulnerability in Redhat Satellite 6.0 A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. | 8.8 |
| 2020-07-13 | CVE-2020-14300 | Improper Check for Dropped Privileges vulnerability in multiple products The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. | 8.8 |
| 2020-07-13 | CVE-2020-14298 | Improper Check for Dropped Privileges vulnerability in multiple products The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. | 8.8 |
| 2020-06-22 | CVE-2020-10740 | Deserialization of Untrusted Data vulnerability in Redhat Wildfly A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly. | 7.5 |
| 2020-06-22 | CVE-2019-14894 | Unspecified vulnerability in Redhat Cloudforms Management Engine 5.10/5.11 A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. | 7.2 |
| 2020-06-12 | CVE-2020-10752 | Insufficiently Protected Credentials vulnerability in Redhat Openshift Container Platform 3.11/4.0 A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. | 7.5 |
| 2020-06-10 | CVE-2020-10705 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. | 7.5 |
| 2020-06-09 | CVE-2020-10757 | Type Confusion vulnerability in multiple products A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. | 7.8 |
| 2020-06-03 | CVE-2020-7013 | Code Injection vulnerability in multiple products Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. | 7.2 |