Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-02 | CVE-2012-5562 | Cleartext Transmission of Sensitive Information vulnerability in Redhat Satellite rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | 6.5 |
| 2019-11-27 | CVE-2019-19319 | Use After Free vulnerability in multiple products In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. | 6.5 |
| 2019-11-27 | CVE-2019-18660 | Information Exposure vulnerability in multiple products The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. | 4.7 |
| 2019-11-27 | CVE-2011-2515 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. | 5.3 |
| 2019-11-27 | CVE-2011-2207 | Improper Certificate Validation vulnerability in multiple products dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. | 5.3 |
| 2019-11-27 | CVE-2019-19242 | NULL Pointer Dereference vulnerability in multiple products SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | 5.9 |
| 2019-11-26 | CVE-2019-14856 | Improper Authentication vulnerability in multiple products ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None | 6.5 |
| 2019-11-26 | CVE-2011-3609 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Application Server 7.0.0/7.0.1/7.0.2 A CSRF issue was found in JBoss Application Server 7 before 7.1.0. | 6.5 |
| 2019-11-26 | CVE-2011-3606 | Cross-site Scripting vulnerability in Redhat Jboss Application Server 7.0.0/7.0.1/7.0.2 A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. | 5.4 |
| 2019-11-25 | CVE-2019-10217 | Information Exposure vulnerability in Redhat Ansible A flaw was found in ansible 2.8.0 before 2.8.4. | 6.5 |