Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2019-11-04 CVE-2013-4409 Improper Input Validation vulnerability in multiple products
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
network
low complexity
reviewboard fedoraproject redhat CWE-20
critical
9.8
2019-11-04 CVE-2013-4251 Improper Privilege Management vulnerability in multiple products
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
local
low complexity
scipy fedoraproject redhat debian CWE-269
7.8
2019-11-04 CVE-2013-4280 Exposure of Resource to Wrong Sphere vulnerability in Redhat products
Insecure temporary file vulnerability in RedHat vsdm 4.9.6.
local
low complexity
redhat CWE-668
5.5
2019-11-04 CVE-2005-4890 Improper Input Validation vulnerability in multiple products
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program".
local
low complexity
sudo-project debian redhat CWE-20
7.8
2019-11-04 CVE-2014-3649 Cross-site Scripting vulnerability in Redhat Jboss Aerogear 1.0.0/20140919
JBoss AeroGear has reflected XSS via the password field.
network
low complexity
redhat CWE-79
6.1
2019-11-04 CVE-2013-4518 Information Exposure vulnerability in Redhat Update Infrastructure 2.1.3
RHUI (Red Hat Update Infrastructure) 2.1.3 has world-readable PKI entitlement certificates.
local
low complexity
redhat CWE-200
5.5
2019-11-04 CVE-2013-4423 Insufficiently Protected Credentials vulnerability in Redhat Cloudforms 3.0
CloudForms stores user passwords in a recoverable format.
local
low complexity
redhat CWE-522
5.5
2019-11-01 CVE-2019-6470 There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode.
network
low complexity
isc redhat opensuse
7.5
2019-11-01 CVE-2013-2255 Improper Certificate Validation vulnerability in multiple products
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
network
high complexity
redhat openstack debian CWE-295
5.9
2019-11-01 CVE-2013-0186 Cross-site Scripting vulnerability in Redhat products
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
redhat CWE-79
6.1