Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-1753 3Debian FedoraprojectRedhat 4Ansible Engine Ansible TowerDebian Linux+1 more Nov 21, 2024 Mar 16, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s mo...Show more A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.Show less
CVE-2019-14887 1Redhat 6Jboss Data Grid Jboss Enterprise Application PlatformJboss Fuse+3 more Nov 21, 2024 Mar 16, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the...Show more A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.Show less
CVE-2020-10531 9Canonical DebianFedoraproject+6 more 11Banking Extensibility Workbench ChromeDebian Linux+8 more Nov 21, 2024 Mar 12, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unist...Show more An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.Show less
CVE-2020-1739 3Debian FedoraprojectRedhat 6Ansible Ansible TowerCloudforms Management Engine+3 more Nov 21, 2024 Mar 12, 2020 N/A· v4 3.9 LOW· v3 3.3 LOW· v2 A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the s...Show more A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.Show less
CVE-2020-1733 3Debian FedoraprojectRedhat 6Ansible Ansible TowerCloudforms Management Engine+3 more Nov 21, 2024 Mar 11, 2020 N/A· v4 5.0 MEDIUM· v3 3.7 LOW· v2 A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temp...Show more A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.Show less
CVE-2011-2487 2Apache Redhat 10Cxf Jboss Business Rules Management SystemJboss Enterprise Application Platform+7 more Nov 21, 2024 Mar 11, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
CVE-2012-1094 1Redhat 1Jboss Application Server Nov 21, 2024 Mar 10, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
CVE-2020-1737 1Redhat 2Ansible Engine Ansible Tower Nov 21, 2024 Mar 9, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination...Show more A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.Show less
CVE-2020-1706 1Redhat 1Openshift Container Platform Nov 21, 2024 Mar 9, 2020 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other tha...Show more It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container.Show less
CVE-2019-14886 1Redhat 2Decision Manager Process Automation Manager Nov 21, 2024 Mar 5, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encrypt...Show more A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed.Show less
CVE-2020-8661 2Cncf Redhat 2Envoy Openshift Service Mesh Nov 21, 2024 Mar 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
CVE-2020-8659 3Cncf DebianRedhat 3Debian Linux EnvoyOpenshift Service Mesh Nov 21, 2024 Mar 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
CVE-2020-1734 1Redhat 2Ansible Engine Ansible Tower Nov 21, 2024 Mar 3, 2020 N/A· v4 7.4 HIGH· v3 3.7 LOW· v2 A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by q...Show more A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.Show less
CVE-2020-1731 1Redhat 1Keycloak Operator Nov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when d...Show more A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.Show less
CVE-2019-14892 3Apache FasterxmlRedhat 8Decision Manager GeodeJackson Databind+5 more Nov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An atta...Show more A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.Show less
CVE-2020-6418 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Oct 24, 2025 Feb 27, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6386 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 27, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6384 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 27, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6383 4Debian FedoraprojectGoogle+1 more 6Chrome Debian LinuxEnterprise Linux Desktop+3 more Nov 21, 2024 Feb 27, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2015-5201 1Redhat 2Enterprise Virtualization Enterprise Virtualization Hypervisor Nov 21, 2024 Feb 25, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run...Show more VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.Show less

Previous 1...727374...284 Next