Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-11 | CVE-2019-10194 | Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. | 5.5 |
2019-07-02 | CVE-2019-10136 | Unspecified vulnerability in Redhat Satellite and Spacewalk. It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. | 4.3 |
2019-06-27 | CVE-2019-10177 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine 5.10/5.9. A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. | 6.5 |
2019-06-24 | CVE-2019-12384 | Deserialization of Untrusted Data vulnerability in multiple products. FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. | 5.9 |
2019-06-19 | CVE-2019-11038 | Use of Uninitialized Resource vulnerability in multiple products. When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of an uninitialized variable. | 5.3 |
2019-06-14 | CVE-2019-10159 | Unspecified vulnerability in Redhat Cfme-Gemset and Cloudforms. cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. | 4.3 |
2019-06-12 | CVE-2019-3875 | Improper Certificate Validation vulnerability in Redhat Keycloak and Single Sign-On. A vulnerability was found in keycloak before 6.0.2. | 4.8 |
2019-06-12 | CVE-2019-3872 | Cross-site Scripting vulnerability in Redhat products. It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. | 5.4 |
2019-06-12 | CVE-2019-10157 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On. It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout. | 5.5 |
2019-06-12 | CVE-2019-10150 | Unspecified vulnerability in Redhat Openshift Container Platform. It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 do not perform SSH Host Key checking when using ssh key authentication during builds. | 5.9 |