Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-12-10 | CVE-2019-13737 | Information Exposure vulnerability in multiple products | Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2014-3656 | Cross-site Scripting vulnerability in Redhat Jboss Keycloak | JBoss KeyCloak: XSS in login-status-iframe.html | 6.1 |
2019-12-06 | CVE-2019-19624 | Out-of-bounds Read vulnerability in multiple products | An out-of-bounds read was discovered in OpenCV before 4.1.1. | 6.5 |
2019-12-05 | CVE-2019-11255 | Improper Input Validation vulnerability in multiple products | Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. | 6.5 |
2019-12-05 | CVE-2013-0163 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0/2.0 | OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | 5.5 |
2019-12-03 | CVE-2019-13456 | Information Exposure Through Discrepancy vulnerability in multiple products | In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. | 6.5 |
2019-12-03 | CVE-2013-4235 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | 4.7 |
2019-12-03 | CVE-2013-2101 | Cross-site Scripting vulnerability in multiple products | Katello has multiple XSS issues in various entities | 5.4 |
2019-12-02 | CVE-2012-5562 | Cleartext Transmission of Sensitive Information vulnerability in Redhat Satellite | rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | 6.5 |
2019-11-27 | CVE-2019-19319 | Use After Free vulnerability in multiple products | In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. | 6.5 |