Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-06 | CVE-2021-3598 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. | 5.5 |
2021-06-10 | CVE-2021-20293 | Cross-site Scripting vulnerability in multiple products. A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. | 6.1 |
2021-06-09 | CVE-2021-0129 | Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. | 5.7 |
2021-06-07 | CVE-2020-1750 | Resource Exhaustion vulnerability in Redhat Machine-Config-Operator. A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. | 6.5 |
2021-06-07 | CVE-2020-1690 | Unspecified vulnerability in Redhat Openstack-Selinux and Openstack Platform. An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. | 6.5 |
2021-06-07 | CVE-2020-1719 | Privilege Context Switching Error vulnerability in Redhat Wildfly. A flaw was found in wildfly. | 5.4 |
2021-06-04 | CVE-2021-3565 | Use of Hard-coded Credentials vulnerability in multiple products. A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. | 5.9 |
2021-06-03 | CVE-2021-3569 | Out-of-bounds Write vulnerability in multiple products. A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. | 5.5 |
2021-06-02 | CVE-2019-12067 | NULL Pointer Dereference vulnerability in multiple products. The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. | 6.5 |
2021-06-02 | CVE-2020-35510 | Resource Exhaustion vulnerability in Redhat Jboss-Remoting 3.3.10/5.0.14/5.0.20. A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. | 5.9 |