Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-08 | CVE-2019-17022 | Cross-site Scripting vulnerability in multiple products. When pasting a `<style>` tag from the clipboard into a rich text editor, the CSS sanitizer does not escape `<` and `>` characters. | 6.1 |
2020-01-08 | CVE-2019-17016 | Cross-site Scripting vulnerability in multiple products. When pasting a `<style>` tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a `@namespace` rule. | 6.1 |
2020-01-08 | CVE-2019-14820 | Unspecified vulnerability in Redhat products. It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in `org.keycloak.constants.AdapterConstants`, which can be invoked via a specially-crafted URL. | 4.3 |
2020-01-07 | CVE-2019-14854 | Unspecified vulnerability in Redhat Openshift Container Platform 4.1/4.2. OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. | 6.5 |
2020-01-03 | CVE-2012-4451 | Cross-site Scripting vulnerability in multiple products. Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) `Debug`, (2) `Feed\PubSubHubbub`, (3) `Log\Formatter\Xml`, (4) `Tag\Cloud\Decorator`, (5) `Uri`, (6) `View\Helper\HeadStyle`, (7) `View\Helper\Navigation\Sitemap`, or (8) `View\Helper\Placeholder\Container\AbstractStandalone`, related to `Escaper`. | 6.1 |
2020-01-02 | CVE-2014-3590 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Satellite 6.0. Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. | 6.5 |
2020-01-02 | CVE-2014-0245 | Race Condition vulnerability in Redhat Jboss Portal 6.2.0. It was found that the implementation of the `GTNSubjectCreatingInterceptor` class in gatein-wsrp was not thread safe. | 5.9 |
2020-01-02 | CVE-2014-0183 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.4.0. Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to an XSS via HTML in the system's name when registering. | 6.1 |
2020-01-02 | CVE-2014-0169 | Incorrect Authorization vulnerability in Redhat Jboss Enterprise Application Platform 6.0.0. In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. | 6.5 |
2020-01-02 | CVE-2019-10205 | Unspecified vulnerability in Redhat Quay 3.0.0. A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. | 6.3 |