Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-16 | CVE-2019-11281 | Cross-site Scripting vulnerability in multiple products Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. | 4.8 |
| 2019-10-15 | CVE-2019-14832 | Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. | 7.5 |
| 2019-10-14 | CVE-2019-14823 | A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. | 7.4 |
| 2019-10-14 | CVE-2019-14858 | Information Exposure Through Log Files vulnerability in Redhat Ansible Engine A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. | 5.5 |
| 2019-10-14 | CVE-2019-14838 | Improper Privilege Management vulnerability in Redhat products A flaw was found in wildfly-core before 7.2.5.GA. | 4.9 |
| 2019-10-12 | CVE-2019-17531 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | 9.8 |
| 2019-10-09 | CVE-2019-6465 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. | 5.3 |
| 2019-10-08 | CVE-2019-14846 | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. | 7.8 |
| 2019-10-08 | CVE-2019-14845 | Unspecified vulnerability in Redhat Openshift A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. high complexity redhat | 5.3 |
| 2019-10-07 | CVE-2019-17267 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |