Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-27 | CVE-2020-10737 | Race Condition vulnerability in Redhat Oddjob A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. | 6.3 |
| 2020-05-26 | CVE-2020-10719 | HTTP Request Smuggling vulnerability in multiple products A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. | 6.5 |
| 2020-05-26 | CVE-2020-10751 | A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. | 6.1 |
| 2020-05-22 | CVE-2020-10711 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. | 5.9 |
| 2020-05-15 | CVE-2020-1758 | Improper Certificate Validation vulnerability in Redhat Keycloak A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. | 5.9 |
| 2020-05-15 | CVE-2020-12685 | Cross-site Scripting vulnerability in Redhat Interchange XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. | 6.1 |
| 2020-05-15 | CVE-2020-10744 | Race Condition vulnerability in Redhat Ansible and Ansible Tower An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. | 5.0 |
| 2020-05-12 | CVE-2020-12826 | Integer Overflow or Wraparound vulnerability in multiple products A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. | 5.3 |
| 2020-05-12 | CVE-2020-1746 | A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. | 5.0 |
| 2020-05-12 | CVE-2020-10706 | Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. low complexity redhat | 6.6 |