Redhat: Security Vulnerabilities
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
CVSS Score
4.3
EPSS Score
0.002
Published
2019-11-13
JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-12
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy
CVSS Score
6.5
EPSS Score
0.004
Published
2019-11-12
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
CVSS Score
9.8
EPSS Score
0.01
Published
2019-11-12
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform.
CVSS Score
3.1
EPSS Score
0.002
Published
2019-11-09
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-08
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVSS Score
6.5
EPSS Score
0.017
Published
2019-11-08
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
CVSS Score
7.5
EPSS Score
0.021
Published
2019-11-08
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-11-08
It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
CVSS Score
7.4
EPSS Score
0.003
Published
2019-11-08