Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-0603 2Microsoft Redhat 3Asp.net Core Enterprise LinuxEnterprise Linux Eus Nov 21, 2024 Jan 14, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context o...Show more A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.Show less
CVE-2020-0602 2Microsoft Redhat 3Asp.net Core Enterprise LinuxEnterprise Linux Eus Nov 21, 2024 Jan 14, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
CVE-2015-3159 1Redhat 1Automatic Bug Reporting Tool Nov 21, 2024 Jan 14, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users...Show more The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.Show less
CVE-2015-3151 1Redhat 1Automatic Bug Reporting Tool Nov 21, 2024 Jan 14, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInf...Show more Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.Show less
CVE-2015-3150 1Redhat 1Automatic Bug Reporting Tool Nov 21, 2024 Jan 14, 2020 N/A· v4 7.1 HIGH· v3 7.2 HIGH· v2 abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProb...Show more abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.Show less
CVE-2015-3147 1Redhat 7Automatic Bug Reporting Tool Enterprise Linux DesktopEnterprise Linux Server+4 more Nov 21, 2024 Jan 14, 2020 N/A· v4 6.5 MEDIUM· v3 4.9 MEDIUM· v2 daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a...Show more daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.Show less
CVE-2015-1869 1Redhat 1Automatic Bug Reporting Tool Nov 21, 2024 Jan 14, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
CVE-2014-7844 3Bsd Mailx Project DebianRedhat 8Bsd Mailx Debian LinuxEnterprise Linux Desktop+5 more Nov 21, 2024 Jan 14, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
CVE-2020-6851 5Debian FedoraprojectOracle+2 more 12Debian Linux Enterprise LinuxEnterprise Linux Desktop+9 more Nov 21, 2024 Jan 13, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
CVE-2020-6377 5Debian FedoraprojectGoogle+2 more 7Backports Sle ChromeDebian Linux+4 more Nov 21, 2024 Jan 10, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2012-2142 4Freedesktop OpensuseRedhat+1 more 4Enterprise Linux OpensusePoppler+1 more Nov 21, 2024 Jan 9, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
CVE-2010-3282 3Fedoraproject HpRedhat 4389 Directory Server Directory ServerHp Ux Directory Server+1 more Nov 21, 2024 Jan 9, 2020 N/A· v4 3.3 LOW· v3 1.9 LOW· v2 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when c...Show more 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.Show less
CVE-2019-19332 2Linux Redhat 2Enterprise Linux Linux Kernel Nov 21, 2024 Jan 9, 2020 N/A· v4 6.1 MEDIUM· v3 5.6 MEDIUM· v2 An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulat...Show more An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.Show less
CVE-2014-2686 1Redhat 1Ansible Nov 21, 2024 Jan 9, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Ansible prior to 1.5.4 mishandles the evaluation of some strings.
CVE-2019-17024 5Canonical DebianMozilla+2 more 12Debian Linux Enterprise LinuxEnterprise Linux Desktop+9 more Nov 21, 2024 Jan 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl...Show more Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.Show less
CVE-2019-17022 4Canonical DebianMozilla+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Jan 8, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element t...Show more When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.Show less
CVE-2019-17017 4Canonical DebianMozilla+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Jan 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affec...Show more Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.Show less
CVE-2019-17016 4Canonical DebianMozilla+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Jan 8, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfil...Show more When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.Show less
CVE-2019-11745 6Canonical DebianMozilla+3 more 15Debian Linux Enterprise Linux Server AusFirefox+12 more Nov 21, 2024 Jan 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploi...Show more When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.Show less
CVE-2019-14820 1Redhat 4Jboss Enterprise Application Platform Jboss FuseKeycloak+1 more Nov 21, 2024 Jan 8, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker...Show more It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.Show less

Previous 1...777879...284 Next