Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Filter

2890 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5418 3 Rubyonrails, Debian, Redhat 3 Rails, Debian Linux, Cloudforms 2019-10-11 5.0
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2019-3834 1 Redhat 1 Jboss Operations Network 2019-10-10 6.8
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader...
CVE-2019-3868 1 Redhat 1 Keycloak 2019-10-10 5.5
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user?s browser session.
CVE-2019-1002101 2 Kubernetes, Redhat 2 Kubernetes, Openshift Container Platform 2019-10-10 5.8
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user?s machine. If the...
CVE-2019-3899 2 Heketi Project, Redhat 2 Heketi, Openshift Container Platform 2019-10-09 7.5
It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.
CVE-2019-3890 2 Gnome, Redhat 2 Evolution-ews, Enterprise Linux 2019-10-09 5.8
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the...
CVE-2019-3889 1 Redhat 1 Openshift Container Platform 2019-10-09 3.5
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal...
CVE-2019-3884 1 Redhat 1 Openshift 2019-10-09 5.0
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1...
CVE-2019-3879 2 Ovirt, Redhat 2 Ovirt, Virtualization 2019-10-09 5.5
It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low...
CVE-2019-3875 1 Redhat 2 Keycloak, Single Sign-on 2019-10-09 5.8
A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the...
CVE-2019-3872 1 Redhat 2 Jboss Enterprise Application Platform, Single Sign-on 2019-10-09 3.5
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain...
CVE-2019-3869 1 Redhat 1 Ansible Tower 2019-10-09 N/A
When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.
CVE-2019-3837 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2019-10-09 4.9
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on...
CVE-2019-3831 2 Ovirt, Redhat 2 Vdsm, Gluster Storage 2019-10-09 9.0
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
CVE-2019-3830 2 Openstack, Redhat 2 Ceilometer, Openstack 2019-10-09 4.0
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.
CVE-2019-3826 2 Redhat, Prometheus 2 Openshift Container Platform, Prometheus 2019-10-09 4.3
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and...
CVE-2019-3825 3 Gnome, Canonical, Redhat 3 Gnome Display Manager, Ubuntu Linux, Enterprise Linux 2019-10-09 6.9
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain...
CVE-2019-3818 1 Redhat 1 Openshift Container Platform 2019-10-09 5.0
The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection...
CVE-2019-3815 2 Redhat, Debian 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more 2019-10-09 2.1
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=`...
CVE-2019-14844 3 Mit, Fedoraproject, Redhat 3 Kerberos, Fedora, Enterprise Linux 2019-10-09 5.0
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.