VIR Vulnerability Intelligence Relay

Search

Found 645 results in 79ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-9803 medium 5.3 5.3 redhat 7d ago A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authori…
CVE-2026-9802 medium 6.8 6.8 redhat 7d ago A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, w…
CVE-2026-9801 medium 4.9 4.9 redhat 7d ago A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromi…
CVE-2026-9798 medium 4.3 4.3 redhat 7d ago A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client cr…
CVE-2026-9796 medium 6.5 6.5 redhat 7d ago A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This…
CVE-2026-9794 medium 5.3 5.3 redhat 7d ago A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced…
CVE-2026-9792 medium 6.5 6.5 redhat 7d ago A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-…
CVE-2026-9791 medium 4.3 4.3 redhat 7d ago A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Conne…
CVE-2026-1933 medium 6.5 6.5 FIX slesdebian debian rhel redhatsamba 8d ago A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem wri…
CVE-2026-2340 medium 6.5 6.5 FIX slesdebian debian rhel redhatsamba 8d ago A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to i…
CVE-2026-9689 medium 4.2 4.2 redhat 8d ago A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote at…
CVE-2026-4480 critical 9.0 9.0 FIX slesdebian debian rhel redhatsamba 9d ago A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution charac…
CVE-2026-9149 medium 6.5 6.5 FIX debian debian sleswindows windows opensuseredhat 14d ago A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. T…
CVE-2026-9150 medium 6.5 6.5 FIX debian debian sleswindows windows opensuseredhat 14d ago A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could …
CVE-2026-4630 medium 6.8 6.8 redhat 16d ago A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtai…
CVE-2026-37982 medium 6.8 6.8 redhat 16d ago A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercep…
CVE-2026-37981 medium 4.3 4.3 redhat 16d ago A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) r…
CVE-2026-37979 medium 6.5 6.5 redhat 16d ago A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attac…
CVE-2026-37978 medium 4.9 4.9 redhat 16d ago A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) para…
CVE-2026-8922 medium 5.4 5.4 redhat 16d ago A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the…
CVE-2026-8830 medium 4.3 4.3 redhat 16d ago A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side …
CVE-2026-0964 medium 6.3 6.3 FIX rheldebian debian sles libsshredhat 16d ago Moderate: libssh security update
CVE-2025-5351 medium 6.5 6.5 FIX rheldebian debian sles libsshredhat 16d ago Moderate: libssh security update
CVE-2024-12086 medium 6.8 6.8 FIX arch arch rhel sles sambaredhat 16d ago Important: rsync security update
CVE-2026-3832 low 3.7 3.7 FIX debian debian rhel gnuredhat 1mo ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-3833 medium 6.5 6.5 FIX debian debian sles rhel gnuredhat 1mo ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-7500 medium 5.4 5.4 redhat 1mo ago Keycloak has a Forced Browsing issue
CVE-2026-7163 medium 5.5 5.5 redhat 1mo ago A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-sco…
CVE-2026-7309 medium 4.3 4.3 redhat 1mo ago A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-bu…
CVE-2026-6845 medium 5.0 5.0 debian debian sles rhel gnuredhat 1mo ago A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially c…
CVE-2026-6844 medium 5.5 5.5 debian debian sles rhel gnuredhat 1mo ago A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable …
CVE-2026-6843 medium 5.5 5.5 FIX debian debian rhel gnuredhat 1mo ago A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application …
CVE-2026-37980 medium 4.8 4.8 redhat 2mo ago A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cro…
CVE-2026-2377 medium 6.5 6.5 redhat 2mo ago A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary…
CVE-2026-32591 medium 5.5 5.5 redhat 2mo ago A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the spec…
CVE-2025-58713 medium 6.4 6.4 redhat 2mo ago A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during b…
CVE-2025-57854 medium 6.4 6.4 redhat 2mo ago A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during buil…
CVE-2025-57853 medium 6.4 6.4 redhat 2mo ago A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain …
CVE-2025-57851 medium 6.7 6.7 redhat 2mo ago A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during b…
CVE-2025-57847 medium 6.4 6.4 redhat 2mo ago A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the bui…
CVE-2026-5745 medium 5.5 5.5 debian debian sles rhel libarchiveredhat 2mo ago A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL …
CVE-2026-3184 medium 5.3 5.3 slesdebian debian kernelredhat 2mo ago A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A …
CVE-2026-2625 medium 5.5 5.5 FIX rheldebian debian redhatsequoia-pgp 2mo ago A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, th…
CVE-2026-5164 medium 5.5 5.5 rhel redhat 2mo ago A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input val…
CVE-2026-2100 medium 5.3 5.3 FIX rhel slesdebian debian p11-kit_projectredhat 2mo ago A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters se…
CVE-2026-4426 medium 6.5 6.5 FIX debian debian sles rhel libarchiveredhat 3mo ago A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge exte…
CVE-2026-2575 medium 5.3 5.3 redhat 3mo ago A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding.…
CVE-2026-2376 medium 5.4 5.4 rhel redhat 3mo ago A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the applicat…
CVE-2026-3911 low 2.7 2.7 redhat 3mo ago Keycloak: Information disclosure of disabled user attributes via administrative endpoint
CVE-2026-3118 medium 6.5 6.5 redhat 3mo ago A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user …
CVE-2025-14512 medium 6.5 6.5 FIX rheldebian debian sles gnomeredhat 6mo ago A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when pro…
CVE-2025-14010 medium 5.5 5.5 FIX debian debian redhat 6mo ago Ansible Community General Collection is vulnerable to exposure of sensitive information
CVE-2025-4598 medium 4.7 4.7 FIX arch arch rhel sles systemd_projectredhat 6mo ago A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump…
CVE-2025-32989 medium 5.3 5.3 FIX rheldebian debian sles gnuredhat 9mo ago Moderate: gnutls security, bug fix, and enhancement update
CVE-2025-8283 low 3.7 3.7 FIX slesdebian debian rhel redhat 10mo ago A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AA…
CVE-2025-7784 medium 6.5 6.5 redhat 11mo ago Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
CVE-2025-6170 low 2.5 2.5 FIX arch arch slesdebian debian redhatxmlsoft 1y ago A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, …
CVE-2025-26465 medium 6.8 6.8 FIX rhel rocky sles openbsdnetappredhat 1y ago A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occur…
CVE-2023-4806 medium 5.9 5.9 FIX rhel rocky sles gnuredhat 2y ago RHSA-2023:5455: glibc security update (Important)
CVE-2024-0193 medium 6.7 6.7 FIX rhel sles rocky redhat 2y ago A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This…
CVE-2023-48795 medium 5.9 5.9 FIX rhel rockydebian debian apacheopenbsdputty 3y ago The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from…
CVE-2023-4527 medium 6.5 6.5 FIX rhel rocky sles gnuredhat 3y ago RHSA-2023:5455: glibc security update (Important)
CVE-2014-3708 medium 4.0 FIX slesdebian debian openstackredhat 4y ago OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API re…
CVE-2017-7549 medium 6.4 6.4 openstackredhat 4y ago A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, wher…
CVE-2017-7550 critical 9.8 9.8 FIX debian debian sles rhel redhat 4y ago A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive infor…
CVE-2017-10906 critical 9.8 9.8 fluentdredhat 4y ago Fluentd Escape Sequence Injection Vulnerability
CVE-2019-11135 medium 6.5 6.5 FIX arch arch slesdebian debian slackwarehpintel 6y ago TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-7317 medium 5.3 5.3 FIX arch arch slesdebian debian libpngoraclehp 7y ago png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2018-3639 medium 5.5 6.5 EXPFIX slesdebian debian rhel intelarmredhat 8y ago Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i…
CVE-2014-0121 critical 9.8 9.8 hawtredhat 9y ago The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
CVE-2017-16818 medium 6.5 6.5 FIX debian debian slesfedora fedora redhat 9y ago RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privil…
CVE-2013-6465 medium 5.4 5.4 redhat 9y ago Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.
CVE-2017-15100 medium 6.1 6.1 theforemanredhat 9y ago An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends…
CVE-2015-7501 critical 9.8 9.8 FIX debian debian redhat 9y ago Deserialization of Untrusted Data in Apache commons collections
CVE-2017-15085 medium 5.9 5.9 FIX rheldebian debian redhat 9y ago It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
CVE-2017-12158 medium 5.4 5.4 rhel redhatkeycloak 9y ago Keycloak Reflected XSS
CVE-2013-3734 medium 6.6 6.6 redhat 9y ago The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive…
CVE-2017-10384 medium 6.5 6.5 slesdebian debian rhel oraclemariadbnetapp 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily expl…
CVE-2017-10379 medium 6.5 6.5 slesdebian debian rhel oraclemariadbredhat 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Ea…
CVE-2017-10378 medium 6.5 6.5 slesdebian debian rhel oraclemariadbredhat 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. …
CVE-2017-10357 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded…
CVE-2017-10356 medium 6.2 6.2 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embe…
CVE-2017-10355 medium 5.3 6.3 EXPFIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em…
CVE-2017-10350 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easil…
CVE-2017-10349 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. …
CVE-2017-10348 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u…
CVE-2017-10347 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. …
CVE-2017-10346 critical 9.6 9.6 FIX sles rheldebian debian oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u14…
CVE-2017-10345 low 3.1 3.1 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE…
CVE-2017-10295 medium 4.0 4.0 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em…
CVE-2017-10285 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. E…
CVE-2017-10281 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE…
CVE-2017-10268 medium 4.1 4.1 slesdebian debian rhel oracleredhatmariadb 9y ago Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier…
CVE-2014-7813 medium 6.5 6.5 redhat 9y ago Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack …
CVE-2014-3706 medium 5.9 5.9 redhat 9y ago ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
CVE-2014-3702 critical 9.1 9.1 redhat 9y ago Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot…
CVE-2014-0029 medium 6.1 6.1 redhat 9y ago Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2017-12629 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntu rhel apacheredhat 9y ago Remote code execution occurs in Apache Solr
CVE-2017-15041 critical 9.8 9.8 FIX arch archdebian debian rhel golangredhat 9y ago Remote command execution via "go get" in cmd/go
CVE-2017-7554 medium 6.1 6.1 redhat 9y ago It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using Ap…