High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-01	CVE-2013-0165	Improper Input Validation vulnerability in Redhat Openshift cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. network low complexity redhat CWE-20	7.3
2019-11-01	CVE-2013-4751	Improper Input Validation vulnerability in multiple products php-symfony2-Validator has loss of information during serialization network low complexity sensiolabs fedoraproject redhat CWE-20	8.1
2019-10-31	CVE-2019-5010	NULL Pointer Dereference vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. network low complexity python opensuse debian redhat CWE-476	7.5
2019-10-30	CVE-2010-0737	Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Jboss Operations Network A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. low complexity redhat CWE-732	8.0
2019-10-29	CVE-2019-0210	Out-of-bounds Read vulnerability in multiple products In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. network low complexity apache redhat oracle CWE-125	7.5
2019-10-29	CVE-2019-0205	Infinite Loop vulnerability in multiple products In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. network low complexity apache redhat oracle CWE-835	7.5
2019-10-24	CVE-2019-17596	Interpretation Conflict vulnerability in multiple products Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. network low complexity golang debian fedoraproject redhat opensuse arista CWE-436	7.5
2019-10-17	CVE-2019-14287	Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. network low complexity sudo-project fedoraproject debian opensuse canonical netapp redhat CWE-755	8.8
2019-10-17	CVE-2019-11253	XML Entity Expansion vulnerability in multiple products Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. network low complexity kubernetes redhat CWE-776	7.5
2019-10-15	CVE-2019-14832	Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. network high complexity redhat CWE-863	7.5