Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products. swagger-ui has XSS in key names | 6.1 |
2019-12-19 | CVE-2019-19342 | Information Exposure Through an Error Message vulnerability in Redhat Ansible Tower. A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. | 5.3 |
2019-12-19 | CVE-2019-19341 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.6.0/3.6.1. A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. | 5.5 |
2019-12-15 | CVE-2014-3652 | Open Redirect vulnerability in Redhat Keycloak 1.0.1. JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL. | 6.1 |
2019-12-15 | CVE-2014-3536 | Information Exposure Through Log Files vulnerability in Redhat Cloudforms Management Engine 5.0. CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | 5.5 |
2019-12-13 | CVE-2014-0241 | Insufficiently Protected Credentials vulnerability in multiple products. rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | 5.5 |
2019-12-13 | CVE-2019-16777 | Improper Privilege Management vulnerability in multiple products. Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. | 6.5 |
2019-12-13 | CVE-2019-16775 | UNIX Symbolic Link (Symlink) Following vulnerability in multiple products. Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. | 6.5 |
2019-12-12 | CVE-2019-14849 | Information Exposure Through Sent Data vulnerability in Redhat 3Scale 2.0/2.4. A vulnerability was found in 3scale before version 2.6, which did not set the HTTPOnly attribute on the user session cookie. | 5.4 |
2019-12-11 | CVE-2014-0026 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Subscription Asset Manager 1.0.0. katello-headpin is vulnerable to CSRF in REST API | 6.5 |