Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-06 | CVE-2020-25641 | Infinite Loop vulnerability in multiple products: A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. | 5.5 |
2020-10-05 | CVE-2020-25635 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Redhat Ansible 2.10.1: A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. | 5.5 |
2020-09-30 | CVE-2020-25626 | Cross-site Scripting vulnerability in multiple products: A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. | 6.1 |
2020-09-25 | CVE-2019-11556 | Cross-site Scripting vulnerability in multiple products: Pagure before 5.6 allows XSS via the templates/blame.html blame view. | 6.1 |
2020-09-23 | CVE-2020-14370 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products: An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. | 5.3 |
2020-09-23 | CVE-2020-10687 | Unspecified vulnerability in Redhat Undertow 1.0.0: A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. | 4.8 |
2020-09-18 | CVE-2020-25633 | Information Exposure Through an Error Message vulnerability in multiple products: A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. | 5.3 |
2020-09-17 | CVE-2020-14338 | Improper Input Validation vulnerability in Redhat Xerces 2.11.0/2.12.0: A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. | 5.3 |
2020-09-16 | CVE-2020-1694 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Keycloak: A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. | 4.9 |
2020-09-16 | CVE-2020-14348 | Improper Check for Unusual or Exceptional Conditions vulnerability in Redhat AMQ Online: It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers. | 4.3 |