The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Red Hat SSO

Keycloak: denial of service via NBF Node.js Adapter
An attacker can trigger a fatal error via NBF Node.js Adapter of Keycloak, in order to trigger a denial of service...
CVE-2019-10157, RHSA-2019:1456-01, VIGILANCE-VUL-29514

Keycloak: privilege escalation via CRL Signatures Validation
An attacker can bypass restrictions via CRL Signatures Validation of Keycloak, in order to escalate his privileges...
CVE-2019-3875, RHSA-2019:1456-01, VIGILANCE-VUL-29513

Bootstrap: Cross Site Scripting via Affix Configuration Target
An attacker can trigger a Cross Site Scripting via Affix Configuration Target of Bootstrap, in order to run JavaScript code in the context of the web site...
CVE-2018-20677, RHSA-2019:1456-01, VIGILANCE-VUL-29512

Bootstrap: Cross Site Scripting via data-viewport
An attacker can trigger a Cross Site Scripting via data-viewport of Bootstrap, in order to run JavaScript code in the context of the web site...
CVE-2018-20676, RHSA-2019:1456-01, RHSA-2020:3936-01, VIGILANCE-VUL-29511

Bootstrap: Cross Site Scripting via data-target
An attacker can trigger a Cross Site Scripting via data-target of Bootstrap, in order to run JavaScript code in the context of the web site...
CVE-2016-10735, RHSA-2019:1456-01, RHSA-2020:3936-01, VIGILANCE-VUL-29510

Undertow: information disclosure via UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
An attacker can bypass access restrictions to data via UndertowLogger.REQUEST_LOGGER.undertowRequestFailed of Undertow, in order to obtain sensitive information...
CVE-2019-3888, RHSA-2019:1419-01, RHSA-2019:1420-01, RHSA-2019:1421-01, RHSA-2019:1424-01, RHSA-2019:1456-01, VIGILANCE-VUL-29492

PicketLink: privilege escalation via xinclude Parameter URL Injection
An attacker can bypass restrictions via xinclude Parameter URL Injection of PicketLink, in order to escalate his privileges...
CVE-2019-3873, RHSA-2019:1419-01, RHSA-2019:1420-01, RHSA-2019:1421-01, RHSA-2019:1424-01, RHSA-2019:1456-01, VIGILANCE-VUL-29491

PicketLink: Cross Site Scripting via SAMLRequest RelayState Parameter
An attacker can trigger a Cross Site Scripting via SAMLRequest RelayState Parameter of PicketLink, in order to run JavaScript code in the context of the web site...
CVE-2019-3872, RHSA-2019:1419-01, RHSA-2019:1420-01, RHSA-2019:1421-01, RHSA-2019:1424-01, RHSA-2019:1456-01, VIGILANCE-VUL-29490

jackson-databind: file reading
An attacker can read a file from a client using jackson-databind, in order to obtain sensitive information...
5048, cpujan2020, cpujul2019, cpuoct2019, CVE-2019-12086, DLA-1798-1, DSA-4452-1, FEDORA-2019-ae6a703b8f, FEDORA-2019-fb23eccc03, RHSA-2019:2935-01, RHSA-2019:2936-01, RHSA-2019:2937-01, RHSA-2019:2938-01, RHSA-2019:3044-01, RHSA-2019:3045-01, RHSA-2019:3046-01, RHSA-2019:3050-01, VIGILANCE-VUL-29375

Red Hat JBoss Enterprise Application Platform, WildFly: privilege escalation via ElytronManagedThread
An attacker can bypass restrictions via ElytronManagedThread of Red Hat JBoss Enterprise Application Platform, in order to escalate his privileges...
CVE-2019-3894, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-29228