Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-02 | CVE-2019-14862 | Cross-site Scripting vulnerability in multiple products There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 6.1 |
| 2019-12-31 | CVE-2011-3585 | Race Condition vulnerability in multiple products Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists. | 4.7 |
| 2019-12-30 | CVE-2013-0196 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift 1.2 A CSRF issue was found in OpenShift Enterprise 1.2. | 6.5 |
| 2019-12-30 | CVE-2012-5474 | Missing Encryption of Sensitive Data vulnerability in multiple products The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | 5.5 |
| 2019-12-23 | CVE-2019-19337 | Unspecified vulnerability in Redhat Ceph Storage 3.3 A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. | 6.5 |
| 2019-12-23 | CVE-2019-18391 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. | 5.5 |
| 2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products swagger-ui has XSS in key names | 6.1 |
| 2019-12-19 | CVE-2019-19342 | Information Exposure Through an Error Message vulnerability in Redhat Ansible Tower A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. | 5.3 |
| 2019-12-19 | CVE-2019-19341 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.6.0/3.6.1 A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. | 5.5 |
| 2019-12-15 | CVE-2014-3652 | Open Redirect vulnerability in Redhat Keycloak 1.0.1 JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL. | 6.1 |