Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
redhat vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the...
4.3
CVSSv2
CVE-2019-3865
A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name....
Redhat
Quay
5.5
CVSSv2
CVE-2020-1727
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on...
Redhat
Keycloak
9
CVSSv2
CVE-2019-14894
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on...
Redhat
Cloudforms Management Engine
6.5
CVSSv2
CVE-2020-10740
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly....
Redhat
Wildfly
2.1
CVSSv2
CVE-2020-10782
An exposure of sensitive information flaw was found in Ansible Tower before version 3.7.1. sensitive information such as Splunk tokens could be readable in the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this...
Redhat
Ansible Tower
4
CVSSv2
CVE-2018-16848
A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service....
Redhat
Openstack-mistral
6
CVSSv2
CVE-2020-10752
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked...
Redhat
Openshift Container Platform
3.6
CVSSv2
CVE-2020-10732
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data....
Linux
Linux Kernel
Opensuse
Leap
Redhat
Enterprise Linux
5
CVSSv2
CVE-2020-10705
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service....
Redhat
Undertow
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-2021
prestashop
insecure direct object reference
CVE-2020-12498
deserialization
remote attackers
CVE-2020-1425
CVE-2020-8161
CVE-2020-2217
CVE-2020-12497
1
2
3
4
5
6
NEXT »
Vulmon