Filtered by vendor Redhat Subscriptions
Filtered by product Mobile Application Platform Subscriptions
Total 10 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-1723 2 Keycloak Gatekeeper Project, Redhat 2 Keycloak Gatekeeper, Mobile Application Platform 2024-11-21 6.1 Medium
A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0
CVE-2018-3728 2 Hapijs, Redhat 3 Hoek, Mobile Application Platform, Quay 2024-11-21 N/A
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVE-2017-7554 1 Redhat 1 Mobile Application Platform 2024-11-21 N/A
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.
CVE-2017-7553 1 Redhat 1 Mobile Application Platform 2024-11-21 N/A
The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.
CVE-2017-7552 1 Redhat 1 Mobile Application Platform 2024-11-21 N/A
A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation.
CVE-2017-15010 2 Redhat, Salesforce 3 Mobile Application Platform, Rhel Software Collections, Tough-cookie 2024-11-21 N/A
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
CVE-2017-1000117 2 Git-scm, Redhat 4 Git, Enterprise Linux, Mobile Application Platform and 1 more 2024-11-21 N/A
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
CVE-2016-8705 2 Memcached, Redhat 3 Memcached, Enterprise Linux, Mobile Application Platform 2024-11-21 N/A
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
CVE-2016-8704 2 Memcached, Redhat 3 Memcached, Enterprise Linux, Mobile Application Platform 2024-11-21 N/A
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
CVE-2023-6841 1 Redhat 7 Jboss Enterprise Bpms Platform, Jboss Fuse, Keycloak and 4 more 2024-11-15 7.5 High
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.