Vulnerabilities > Redhat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-17 | CVE-2019-10354 | Missing Authorization vulnerability in multiple products. A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information. | 4.3 |
2019-07-11 | CVE-2019-3889 | Unspecified vulnerability in Redhat Openshift Container Platform. A reflected XSS vulnerability exists in the authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. | 5.4 |
2019-07-11 | CVE-2019-10194 | Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. | 5.5 |
2019-07-02 | CVE-2019-10136 | Unspecified vulnerability in Redhat Satellite and Spacewalk. It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. | 4.3 |
2019-06-27 | CVE-2019-10177 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine 5.10/5.9. A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input not being properly sanitized. | 6.5 |
2019-06-24 | CVE-2019-12384 | Deserialization of Untrusted Data vulnerability in multiple products. FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. | 5.9 |
2019-06-19 | CVE-2019-11038 | Use of Uninitialized Resource vulnerability in multiple products. When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of an uninitialized variable. | 5.3 |
2019-06-14 | CVE-2019-10159 | Unspecified vulnerability in Redhat Cfme-Gemset and Cloudforms. cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. | 4.3 |
2019-06-12 | CVE-2019-3875 | Improper Certificate Validation vulnerability in Redhat Keycloak and Single Sign-On. A vulnerability was found in keycloak before 6.0.2. | 4.8 |
2019-06-12 | CVE-2019-3872 | Cross-site Scripting vulnerability in Redhat products. It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. | 5.4 |