Vulnerabilities > Redhat
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-26 | CVE-2019-3878 | Improper Authentication vulnerability in multiple products A vulnerability was found in mod_auth_mellon before v0.14.2. | 8.1 |
2019-03-26 | CVE-2019-3830 | Information Exposure Through Log Files vulnerability in multiple products A vulnerability was found in ceilometer before version 12.0.0.0rc1. | 2.1 |
2019-03-26 | CVE-2019-3826 | Cross-site Scripting vulnerability in multiple products A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. | 6.1 |
2019-03-26 | CVE-2019-3804 | Missing Initialization of Resource vulnerability in multiple products It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. | 7.5 |
2019-03-26 | CVE-2018-16856 | Information Exposure Through Log Files vulnerability in multiple products In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. | 5.0 |
2019-03-25 | CVE-2019-0204 | A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. | 7.8 |
2019-03-25 | CVE-2019-7609 | Code Injection vulnerability in multiple products Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. | 10.0 |
2019-03-25 | CVE-2019-3879 | Missing Authorization vulnerability in multiple products It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. | 5.5 |
2019-03-25 | CVE-2019-3874 | Resource Exhaustion vulnerability in multiple products The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. | 6.5 |
2019-03-25 | CVE-2019-3857 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. | 8.8 |