Red Hat Certification

CPE Details

Red Hat Certification
redhat
certification
-
2018-11-01
13h28 +00:00
2018-11-01
13h28 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:certification:-:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

certification

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-3897 2021-03-16 20h02 +00:00 It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.
5.3
Medium
CVE-2018-10864 2018-08-13 15h00 +00:00 An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service.
6.2
Medium
CVE-2018-10869 2018-07-19 20h00 +00:00 redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
7.5
High
CVE-2018-10870 2018-07-19 20h00 +00:00 redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.
9.8
Critical