Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2013-1793 Missing Authentication for Critical Function vulnerability in Redhat Openstack and Openstack Essex
openstack-utils openstack-db has insecure password creation
network
low complexity
redhat CWE-306
7.5
2019-12-04 CVE-2019-14909 Improper Authentication vulnerability in Redhat Keycloak 7.0.0/7.0.1
A vulnerability was found in Keycloak 7.x where, when the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid, will be accepted.
network
low complexity
redhat CWE-287
8.3
2019-12-03 CVE-2013-2103 Improper Input Validation vulnerability in Redhat Openshift 1.0
OpenShift cartridge allows remote URL retrieval
network
low complexity
redhat CWE-20
8.1
2019-11-27 CVE-2019-10216 In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
local
low complexity
artifex redhat
7.8
2019-11-26 CVE-2019-14890 Cleartext Storage of Sensitive Information vulnerability in Redhat Ansible Tower 3.6.0
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privileges could retrieve username and password credentials from the new RHSM that are saved in plain text in the database at '/api/v2/config' when applying the Ansible Tower license.
local
low complexity
redhat CWE-312
8.4
2019-11-26 CVE-2011-3632 Link Following vulnerability in multiple products
Hardlink before 0.1.2 operates on full file system object path names, which can allow a local attacker to use this flaw to conduct symlink attacks.
local
low complexity
hardlink-project redhat debian CWE-59
7.1
2019-11-26 CVE-2011-3631 Integer Overflow or Wraparound vulnerability in multiple products
Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string length concatenation is done when calculating the required memory space.
network
low complexity
hardlink-project redhat debian CWE-190
8.8
2019-11-26 CVE-2011-3630 Out-of-bounds Write vulnerability in multiple products
Hardlink before 0.1.2 suffers from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed.
network
low complexity
hardlink-project redhat debian CWE-787
8.8
2019-11-25 CVE-2019-13723 Use After Free vulnerability in multiple products
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject opensuse redhat CWE-416
8.8
2019-11-25 CVE-2019-14822 Missing Authorization vulnerability in multiple products
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup.
local
low complexity
ibus-project redhat canonical oracle CWE-862
7.1