| 208061 | 4.2 | MEDIUM | Network | redhat | keycloak single_sign-on | A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribut… | - | CVE-2020-27826 | 2024-11-21 14:21 | 2021-05-28 |
| 208062 | 9.0 | CRITICAL | Network | redhat | quay | A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into per… | - | CVE-2020-27832 | 2024-11-21 14:21 | 2021-05-27 |
| 208063 | 4.3 | MEDIUM | Network | redhat | quay | A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add e… | CWE-522 Insufficiently Protected Credentials | CVE-2020-27831 | 2024-11-21 14:21 | 2021-05-27 |
| 208064 | 5.4 | MEDIUM | Network | redhat | ceph | A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attack… | - | CVE-2020-27839 | 2024-11-21 14:21 | 2021-05-27 |
| 208065 | 7.8 | HIGH | Local | linux debian netapp | linux_kernel debian_linux h300s_firmware h500s_firmware h700s_firmware h300e_firmware h500e_firmware h700e_firmware h410s_firmware h410c_firmware aff_a250_firmware fa… | A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating … | - | CVE-2020-27815 | 2024-11-21 14:21 | 2021-05-26 |
| 208066 | 7.1 | HIGH | Network | redhat | openshift_container_platform | A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic… | CWE-59 Link Following | CVE-2020-27833 | 2024-11-21 14:21 | 2021-05-15 |
| 208067 | 3.3 | LOW | Local | imagemagick redhat fedoraproject | imagemagick enterprise_linux_desktop fedora | In ImageMagick versions before 7.0.9-0, there are values outside the range of representable values of type 'float' at MagickCore/quantize.c. | - | CVE-2020-27769 | 2024-11-21 14:21 | 2021-05-15 |
| 208068 | 5.5 | MEDIUM | Local | linux debian | linux_kernel debian_linux | A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr d… | - | CVE-2020-27830 | 2024-11-21 14:21 | 2021-05-14 |
| 208069 | 7.8 | HIGH | Local | uclouvain fedoraproject debian | openjpeg fedora debian_linux | A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to co… | CWE-787 Out-of-bounds Write, CWE-120 Classic Buffer Overflow | CVE-2020-27823 | 2024-11-21 14:21 | 2021-05-14 |
| 208070 | 5.5 | MEDIUM | Local | uclouvain redhat fedoraproject debian | openjpeg enterprise_linux fedora debian_linux | A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow.… | CWE-125 Out-of-bounds Read | CVE-2020-27824 | 2024-11-21 14:21 | 2021-05-13 |