Redhat: Security Vulnerabilities
PyXML: Hash table collisions CPU usage Denial of Service
CVSS Score
7.5
EPSS Score
0.005
Published
2019-11-22
Designate does not enforce the DNS protocol limit concerning record set sizes
CVSS Score
6.5
EPSS Score
0.009
Published
2019-11-22
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
CVSS Score
4.7
EPSS Score
0.001
Published
2019-11-22
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
CVSS Score
9.8
EPSS Score
0.003
Published
2019-11-22
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
CVSS Score
6.5
EPSS Score
0.002
Published
2019-11-22
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
CVSS Score
6.4
EPSS Score
0.002
Published
2019-11-22
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-11-22
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
CVSS Score
9.8
EPSS Score
0.031
Published
2019-11-21
cumin: At installation postgresql database user created without password
CVSS Score
9.8
EPSS Score
0.004
Published
2019-11-21
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-21