Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-3628 | A flaw was found in Infinispan's REST. | 6.5 |
| 2023-12-18 | CVE-2023-3629 | A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. | 6.5 |
| 2023-12-18 | CVE-2023-5056 | Missing Authorization vulnerability in Redhat Service Interconnect 1.0 A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. | 4.1 |
| 2023-12-18 | CVE-2023-5115 | Absolute Path Traversal vulnerability in multiple products An absolute path traversal attack exists in the Ansible automation platform. | 6.3 |
| 2023-12-18 | CVE-2023-5236 | A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. | 6.5 |
| 2023-12-14 | CVE-2023-6134 | Cross-site Scripting vulnerability in Redhat products A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. | 5.4 |
| 2023-12-12 | CVE-2023-6710 | Cross-site Scripting vulnerability in multiple products A flaw was found in the mod_proxy_cluster in the Apache server. | 5.4 |
| 2023-12-12 | CVE-2023-4958 | Unspecified vulnerability in Redhat Advanced Cluster Security 3.0/4.0 In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. | 6.1 |
| 2023-12-11 | CVE-2023-6679 | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. | 5.5 |
| 2023-12-10 | CVE-2023-5868 | A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. | 4.3 |