Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-01	CVE-2019-3876	Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. network low complexity redhat	6.3
2019-04-01	CVE-2019-1002101	Link Following vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. local low complexity kubernetes redhat CWE-59	5.5
2019-04-01	CVE-2019-1002100	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. network low complexity kubernetes redhat CWE-770	6.5
2019-03-27	CVE-2019-3877	Open Redirect vulnerability in multiple products A vulnerability was found in mod_auth_mellon before v0.14.2. network low complexity mod-auth-mellon-project fedoraproject redhat canonical CWE-601	6.1
2019-03-27	CVE-2019-3840	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. network high complexity redhat opensuse CWE-476	6.3
2019-03-27	CVE-2019-3828	Path Traversal vulnerability in Redhat Ansible Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. local low complexity redhat CWE-22	4.2
2019-03-27	CVE-2018-10934	Cross-site Scripting vulnerability in Redhat products A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. network low complexity redhat CWE-79	5.4
2019-03-26	CVE-2019-3826	A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. network low complexity prometheus redhat	6.1
2019-03-25	CVE-2019-3874	The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. low complexity linux debian redhat canonical netapp	6.5
2019-03-25	CVE-2019-3838	It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. local low complexity artifex redhat fedoraproject opensuse debian	5.5