Redhat
5,676 CVEs • 537 products
CVEs (5,676)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | 4: Debian, Fedoraproject, Google +1 more | 6: Chrome, Debian Linux, Enterprise Linux Desktop +3 more | Nov 21, 2024 | Feb 27, 2020 | N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2) | Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| | 1: Redhat | 2: Enterprise Virtualization, Enterprise Virtualization Hypervisor | Nov 21, 2024 | Feb 25, 2020 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) | VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VDSM is run... |
| | 2: Python, Redhat | 3: Enterprise Linux, Python, Software Collections | Nov 21, 2024 | Feb 20, 2020 | N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2) | The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal... |
| | | | | | | Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@s... |
| | | | | | | The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. |
| | | | | | | The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. |
| | 2: Debian, Redhat | 2: Ansible, Debian Linux | Nov 21, 2024 | Feb 20, 2020 | N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2) | The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an i... |
| | | | | | | Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumsta... |
| | 2: Nokogiri, Redhat | 8: Cloudforms Management Engine, Enterprise Mrg, Nokogiri +5 more | Nov 21, 2024 | Feb 19, 2020 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) | Nokogiri before 1.5.4 is vulnerable to XXE attacks |
| | | | | | | Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact... |
| | | | | | | Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted looku... |
| | 3: Fedoraproject, Redhat, Zend | 3: Enterprise Linux, Fedora, Zend Framework | Nov 21, 2024 | Feb 17, 2020 | N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2) | SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. |
| | | | | | | A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain... |
| | 1: Redhat | 1: Openshift Service Mesh | Nov 21, 2024 | Feb 17, 2020 | N/A (v4), 7.8 HIGH (v3), 4.6 MEDIUM (v2) | An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to... |
| | | | | | | vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’... |
| | 2: Adobe, Redhat | 4: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation +1 more | Nov 21, 2024 | Feb 13, 2020 | N/A (v4), 8.8 HIGH (v3), 9.3 HIGH (v2) | Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code exe... |
| | 3: Fedoraproject, Gpgme Project, Redhat | 9: Enterprise Linux For Ibm Z Systems, Enterprise Linux For Power Little Endian, Enterprise Linux Server +6 more | Nov 21, 2024 | Feb 12, 2020 | N/A (v4), 7.5 HIGH (v3), 5.1 MEDIUM (v2) | The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signatu... |
| | 2: Istio, Redhat | 2: Istio, Openshift Service Mesh | Nov 21, 2024 | Feb 12, 2020 | N/A (v4), 7.3 HIGH (v3), 7.5 HIGH (v2) | Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even i... |
| | 5: Canonical, Debian, Linuxfoundation +2 more | 5: Debian Linux, Leap, Openshift Container Platform +2 more | Nov 21, 2024 | Feb 12, 2020 | N/A (v4), 7.0 HIGH (v3), 4.4 MEDIUM (v2) | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount... |
| | | | | | | The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related... |