Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2022-4132 | Memory Leak vulnerability in multiple products A flaw was found in JSS. | 5.9 |
| 2023-10-04 | CVE-2023-3153 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. | 5.3 |
| 2023-10-03 | CVE-2023-4732 | Race Condition vulnerability in multiple products A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. | 4.7 |
| 2023-10-03 | CVE-2023-4886 | A sensitive information exposure vulnerability was found in foreman. | 4.4 |
| 2023-09-28 | CVE-2023-42756 | Race Condition vulnerability in multiple products A flaw was found in the Netfilter subsystem of the Linux kernel. | 4.7 |
| 2023-09-28 | CVE-2023-5215 | Unchecked Return Value vulnerability in Redhat Enterprise Linux and Libnbd A flaw was found in libnbd. | 6.5 |
| 2023-09-27 | CVE-2023-4066 | Cleartext Storage of Sensitive Information vulnerability in Redhat products A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. | 5.5 |
| 2023-09-27 | CVE-2023-4065 | Incorrect Default Permissions vulnerability in Redhat products A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. | 5.5 |
| 2023-09-27 | CVE-2023-0833 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. | 5.5 |
| 2023-09-25 | CVE-2022-4137 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. | 6.1 |