CVE-2024-2419 - Keycloak’s Redirect_URI Bypass, Token Theft Made Easy
Keycloak is a popular open-source identity and access management tool, commonly used to handle login and single sign-on (SSO) for web applications. Security is
CVE-2024-1132 - Keycloak Unsecured Redirect Vulnerability Exposed
---
Overview
A critical flaw, tracked as CVE-2024-1132, was discovered in Keycloak—an open-source identity and access management solution. This vulnerability is related to improper
CVE-2024-1481 - Remote “kinit” Command Argument Injection in FreeIPA — How It Works, Exploit Details, and Mitigation
1. Introduction to CVE-2024-1481
In early 2024, security researchers discovered a critical flaw in FreeIPA (the open-source identity management system for Linux/UNIX environments). The
CVE-2024-3446 - Double Free Vulnerability in QEMU Virtio Devices Explained
CVE-2024-3446 is a critical vulnerability that was discovered in some of QEMU's virtio devices, including virtio-gpu, virtio-serial-bus, and virtio-crypto. This flaw arises due
CVE-2024-1233 - Critical SSRF in JBoss EAP JwtValidator - How Hackers Can Exploit Vulnerable `resolvePublicKey` Logic
In early 2024, security researchers disclosed a serious Server-Side Request Forgery (SSRF) vulnerability in Red Hat’s JBoss Enterprise Application Platform (EAP). Tracked as CVE-2024-1233,