Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-6927
A flaw was found in Keycloak. This issue may allow an malicious user to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
Redhat Keycloak -
Redhat Single Sign-on 7.0
5.9
CVSSv3
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...
Openbsd Openssh
Putty Putty
Filezilla-project Filezilla Client
Microsoft Powershell
Panic Transmit 5
Panic Nova
Roumenpetrov Pkixssh
Winscp Winscp
Bitvise Ssh Client
Bitvise Ssh Server
Lancom-systems Lcos
Lancom-systems Lcos Fx -
Lancom-systems Lcos Lx -
Lancom-systems Lcos Sx 5.20
Lancom-systems Lcos Sx 4.20
Lancom-systems Lanconfig -
Vandyke Securecrt
Libssh Libssh
Net-ssh Net-ssh 7.2.0
Ssh2 Project Ssh2
Proftpd Proftpd
Freebsd Freebsd
8 Github repositories
1 Article
4.1
CVSSv3
CVE-2023-5056
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of infor...
Redhat Service Interconnect 1.0
6.3
CVSSv3
CVE-2023-5115
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an malicious user to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Redhat Ansible Automation Platform 1.2
Redhat Ansible Automation Platform 2.3
Redhat Ansible Automation Platform 2.4
Redhat Ansible Inside 1.1
Redhat Ansible Inside 1.2
Redhat Ansible Developer 1.0
Redhat Ansible Developer 1.1
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2023-3628
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform 6
Redhat Data Grid
Infinispan Infinispan -
6.5
CVSSv3
CVE-2023-3629
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Redhat Data Grid
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform 6
Infinispan Infinispan -
2.7
CVSSv3
CVE-2023-5384
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
Redhat Data Grid
Redhat Jboss Data Grid -
Infinispan Infinispan -
6.5
CVSSv3
CVE-2023-5236
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of...
Redhat Data Grid
Redhat Jboss Data Grid -
Infinispan Infinispan -
7.5
CVSSv3
CVE-2023-4320
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.
Redhat Satellite
5.4
CVSSv3
CVE-2023-6134
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an malicious user to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is ...
Redhat Single Sign-on
Redhat Keycloak
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Openshift Container Platform Ibm Z Systems 4.9
Redhat Openshift Container Platform Ibm Z Systems 4.10
Redhat Single Sign-on -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »