Vulnerabilities > Redhat
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-05 | CVE-2019-11255 | Improper Input Validation vulnerability in multiple products. Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. | 6.5 |
2019-12-05 | CVE-2019-14910 | Improper Certificate Validation vulnerability in Redhat Keycloak 7.0.0/7.0.1. A vulnerability was found in Keycloak 7.x: when Keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), user authentication succeeds even if an invalid password has been entered. | 9.8 |
2019-12-05 | CVE-2013-0163 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0/2.0. OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | 5.5 |
2019-12-04 | CVE-2019-14909 | Improper Authentication vulnerability in Redhat Keycloak 7.0.0/7.0.1. A vulnerability was found in Keycloak 7.x where, when the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid, will be accepted. | 8.3 |
2019-12-03 | CVE-2019-13456 | Information Exposure Through Discrepancy vulnerability in multiple products. In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. | 6.5 |
2019-12-03 | CVE-2013-4486 | Injection vulnerability in Redhat Zanata. Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | 9.8 |
2019-12-03 | CVE-2013-4235 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products. shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | 4.7 |
2019-12-03 | CVE-2013-2103 | Improper Input Validation vulnerability in Redhat Openshift 1.0. OpenShift cartridge allows remote URL retrieval | 8.1 |
2019-12-03 | CVE-2013-2101 | Cross-site Scripting vulnerability in multiple products. Katello has multiple XSS issues in various entities | 5.4 |
2019-12-02 | CVE-2012-5562 | Cleartext Transmission of Sensitive Information vulnerability in Redhat Satellite. rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | 6.5 |