Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 6.5 |
| 2019-11-05 | CVE-2019-10223 | Information Exposure vulnerability in multiple products A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. | 6.5 |
| 2019-11-04 | CVE-2013-4280 | Exposure of Resource to Wrong Sphere vulnerability in Redhat products Insecure temporary file vulnerability in RedHat vsdm 4.9.6. | 5.5 |
| 2019-11-04 | CVE-2014-3649 | Cross-site Scripting vulnerability in Redhat Jboss Aerogear 1.0.0/20140919 JBoss AeroGear has reflected XSS via the password field | 6.1 |
| 2019-11-04 | CVE-2013-4518 | Information Exposure vulnerability in Redhat Update Infrastructure 2.1.3 RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates | 5.5 |
| 2019-11-04 | CVE-2013-4423 | Insufficiently Protected Credentials vulnerability in Redhat Cloudforms 3.0 CloudForms stores user passwords in recoverable format | 5.5 |
| 2019-11-01 | CVE-2013-2255 | Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 5.9 |
| 2019-11-01 | CVE-2013-0186 | Cross-site Scripting vulnerability in Redhat products Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2019-11-01 | CVE-2013-3718 | Improper Input Validation vulnerability in multiple products evince is missing a check on number of pages which can lead to a segmentation fault | 5.5 |
| 2019-10-16 | CVE-2019-2999 | Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). | 4.7 |