Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-25 | CVE-2022-3644 | Insufficiently Protected Credentials vulnerability in multiple products The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | 5.5 |
2022-10-19 | CVE-2013-4281 | Incorrect Default Permissions vulnerability in Redhat Openshift 1.0 In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file. | 5.5 |
2022-10-19 | CVE-2022-2805 | Cleartext Storage of Sensitive Information vulnerability in Redhat Virtualization 4.0 A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. | 6.5 |
2022-10-14 | CVE-2022-2850 | NULL Pointer Dereference vulnerability in multiple products A flaw was found in 389-ds-base. | 6.5 |
2022-10-07 | CVE-2020-15855 | Cross-site Scripting vulnerability in Redhat Bodhi Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. | 6.1 |
2022-09-29 | CVE-2014-0147 | Integer Overflow or Wraparound vulnerability in multiple products Qemu before 1.6.2 block drivers for the various disk image formats used by Bochs and for the QCOW version 2 format are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine. | 6.2 |
2022-09-29 | CVE-2014-0148 | Infinite Loop vulnerability in multiple products Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. | 5.5 |
2022-09-29 | CVE-2015-1931 | Cleartext Storage of Sensitive Information vulnerability in multiple products IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | 5.5 |
2022-09-13 | CVE-2022-3205 | Cross-site Scripting vulnerability in Redhat Ansible Automation Platform 1.2/2.0 Cross-site scripting in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0, where the project name is susceptible to XSS injection. | 6.1 |
2022-09-09 | CVE-2022-2905 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. | 5.5 |