Vulnerabilities > Redhat
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-11-13 | CVE-2014-3655 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise web Server and Keycloak | JBoss KeyCloak is vulnerable to soft token deletion via CSRF | 4.3 |
2019-11-13 | CVE-2014-3592 | Cross-site Scripting vulnerability in Redhat Openshift Origin | OpenShift Origin: Improperly validated team names could allow stored XSS attacks | 6.1 |
2019-11-12 | CVE-2010-3857 | Cross-site Scripting vulnerability in Redhat Jboss Business Rules Management System | JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter. | 6.1 |
2019-11-12 | CVE-2014-3599 | XXE vulnerability in Redhat Hornetq | HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | 6.5 |
2019-11-12 | CVE-2011-2897 | Improper Input Validation vulnerability in multiple products | gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | 9.8 |
2019-11-09 | CVE-2009-3552 | Improper Certificate Validation vulnerability in Redhat Enterprise Virtualization Manager 2.2 | In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. | 3.1 |
2019-11-08 | CVE-2019-3866 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openstack-Mistral | An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. | 5.5 |
2019-11-08 | CVE-2019-14860 | Unspecified vulnerability in Redhat Fuse and Syndesis | It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. | 6.5 |
2019-11-08 | CVE-2019-14824 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. | 6.5 |
2019-11-08 | CVE-2019-10222 | Improper Handling of Exceptional Conditions vulnerability in multiple products | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. | 7.5 |