Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-08 | CVE-2013-1820 | Improper Input Validation vulnerability in multiple products tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | 5.5 |
| 2019-11-08 | CVE-2008-5083 | Information Exposure vulnerability in Redhat Jboss Operations Network 2.1.0/2.1.2 In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. | 6.5 |
| 2019-11-07 | CVE-2019-18811 | Memory Leak vulnerability in multiple products A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. | 5.5 |
| 2019-11-06 | CVE-2016-1000037 | Cross-site Scripting vulnerability in multiple products Pagure: XSS possible in file attachment endpoint | 6.1 |
| 2019-11-06 | CVE-2014-8181 | Improper Initialization vulnerability in Redhat Enterprise Linux and Enterprise MRG The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. | 5.5 |
| 2019-11-05 | CVE-2013-5123 | Improper Authentication vulnerability in multiple products The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | 5.9 |
| 2019-11-05 | CVE-2013-5661 | Authentication Bypass by Spoofing vulnerability in multiple products Cache Poisoning issue exists in DNS Response Rate Limiting. | 5.9 |
| 2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 6.5 |
| 2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 6.5 |
| 2019-11-05 | CVE-2019-10223 | Information Exposure vulnerability in multiple products A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. | 6.5 |