Vulnerabilities > Redhat > Enterprise Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-20 CVE-2019-10179 Cross-site Scripting vulnerability in multiple products
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability.
network
low complexity
redhat dogtagpki CWE-79
6.1
2020-03-18 CVE-2019-10146 Cross-site Scripting vulnerability in multiple products
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page.
network
high complexity
redhat dogtagpki CWE-79
4.7
2020-03-17 CVE-2020-1720 Missing Authorization vulnerability in multiple products
A flaw was found in PostgreSQL's "ALTER ...
network
low complexity
postgresql redhat CWE-862
6.5
2020-02-11 CVE-2020-1726 Files or Directories Accessible to External Parties vulnerability in multiple products
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only.
network
high complexity
libpod-project redhat CWE-552
5.9
2020-02-11 CVE-2020-1711 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine.
network
high complexity
qemu redhat debian opensuse CWE-787
6.0
2020-02-07 CVE-2019-13163 Inadequate Encryption Strength vulnerability in Fujitsu products
The Fujitsu TLS library allows a man-in-the-middle attack.
4.3
2020-01-27 CVE-2015-0294 Improper Certificate Validation vulnerability in multiple products
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
network
low complexity
gnu debian redhat CWE-295
5.0
2020-01-21 CVE-2019-14907 Out-of-bounds Read vulnerability in multiple products
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed.
6.5
2020-01-17 CVE-2019-19339 Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux EUS
It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207.
local
low complexity
redhat
4.9
2020-01-15 CVE-2020-2659
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).
4.3