Vulnerabilities > Redhat > Enterprise Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-20 CVE-2019-10221 Cross-site Scripting vulnerability in multiple products
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server.
network
low complexity
redhat dogtagpki CWE-79
6.1
2020-03-20 CVE-2019-10179 A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability.
network
low complexity
redhat dogtagpki
6.1
2020-03-18 CVE-2019-10146 A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page.
network
high complexity
redhat dogtagpki
4.7
2020-03-17 CVE-2020-1720 Missing Authorization vulnerability in multiple products
A flaw was found in PostgreSQL's "ALTER ...
network
low complexity
postgresql redhat CWE-862
6.5
2020-02-11 CVE-2020-1726 A flaw was discovered in Podman where it incorrectly allows containers, when created, to overwrite existing files in volumes, even if they are mounted as read-only.
network
high complexity
libpod-project redhat
5.9
2020-02-11 CVE-2020-1711 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine.
network
high complexity
qemu redhat debian opensuse CWE-787
6.0
2020-02-11 CVE-2009-4067 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.
low complexity
linux redhat CWE-120
6.8
2020-01-21 CVE-2019-14907 Out-of-bounds Read vulnerability in multiple products
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed.
6.5
2020-01-17 CVE-2019-19339 Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux EUS
It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207.
local
low complexity
redhat
6.5
2020-01-15 CVE-2020-2655 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE).
network
high complexity
oracle redhat debian
4.8