Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-10 | CVE-2020-11669 | An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. | 5.5 |
| 2020-04-08 | CVE-2020-2732 | Information Exposure vulnerability in Redhat Enterprise Linux 7.0/8.0 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. | 6.8 |
| 2020-04-06 | CVE-2020-1728 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. | 5.4 |
| 2020-04-02 | CVE-2019-19348 | Improper Privilege Management vulnerability in Redhat Openshift An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. | 7.0 |
| 2020-04-02 | CVE-2019-19346 | Improper Privilege Management vulnerability in Redhat Openshift An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . | 7.0 |
| 2020-04-02 | CVE-2020-11100 | Out-of-bounds Write vulnerability in multiple products In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. | 8.8 |
| 2020-03-31 | CVE-2020-10696 | Path Traversal vulnerability in multiple products A path traversal flaw was found in Buildah in versions before 1.14.5. | 8.8 |
| 2020-03-31 | CVE-2020-1712 | Use After Free vulnerability in multiple products A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. | 7.8 |
| 2020-03-31 | CVE-2019-14905 | Exposure of Resource to Wrong Sphere vulnerability in multiple products A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. | 5.6 |
| 2020-03-31 | CVE-2019-10180 | A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. | 4.8 |