Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2019-13739 Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
google debian fedoraproject redhat
6.5
2019-12-10 CVE-2019-13738 Improper Privilege Management vulnerability in multiple products
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
network
low complexity
google debian fedoraproject redhat CWE-269
6.5
2019-12-10 CVE-2019-13737 Information Exposure vulnerability in multiple products
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google debian fedoraproject redhat CWE-200
6.5
2019-12-10 CVE-2014-3656 Cross-site Scripting vulnerability in Redhat Jboss Keycloak
JBoss KeyCloak: XSS in login-status-iframe.html
network
low complexity
redhat CWE-79
6.1
2019-12-06 CVE-2019-19624 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read was discovered in OpenCV before 4.1.1.
network
low complexity
opencv redhat CWE-125
6.5
2019-12-05 CVE-2019-11255 Improper Input Validation vulnerability in multiple products
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
network
low complexity
kubernetes redhat CWE-20
6.5
2019-12-05 CVE-2013-0163 Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0/2.0
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
local
low complexity
redhat CWE-668
5.5
2019-12-03 CVE-2019-13456 Information Exposure Through Discrepancy vulnerability in multiple products
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop.
6.5
2019-12-03 CVE-2013-4235 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
local
high complexity
debian fedoraproject redhat CWE-367
4.7
2019-12-03 CVE-2013-2101 Cross-site Scripting vulnerability in multiple products
Katello has multiple XSS issues in various entities
network
low complexity
theforeman redhat CWE-79
5.4