Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-22 | CVE-2019-11291 | Cross-site Scripting vulnerability in multiple products Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. | 4.8 |
| 2019-11-22 | CVE-2012-0877 | Resource Exhaustion vulnerability in multiple products PyXML: Hash table collisions CPU usage Denial of Service | 7.5 |
| 2019-11-22 | CVE-2015-7810 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | 4.7 |
| 2019-11-22 | CVE-2015-5694 | Infinite Loop vulnerability in multiple products Designate does not enforce the DNS protocol limit concerning record set sizes | 6.5 |
| 2019-11-22 | CVE-2015-1780 | Incorrect Authorization vulnerability in Redhat Ovirt-Engine and Virtualization oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | 6.5 |
| 2019-11-22 | CVE-2014-3585 | Improper Verification of Cryptographic Signature vulnerability in Redhat Enterprise Linux and Redhat-Upgrade-Tool redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | 9.8 |
| 2019-11-22 | CVE-2019-10206 | Insufficiently Protected Credentials vulnerability in multiple products ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. | 6.5 |
| 2019-11-22 | CVE-2018-10854 | Unspecified vulnerability in Redhat Cloudforms Management Engine 4.7/5.8/5.9 cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. | 5.4 |
| 2019-11-21 | CVE-2014-3700 | Injection vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | 9.8 |
| 2019-11-21 | CVE-2014-0084 | Improper Input Validation vulnerability in Redhat Openshift Origin Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. | 5.5 |