Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-16776 5Fedoraproject NpmjsOpensuse+2 more 6Enterprise Linux Enterprise Linux EusFedora+3 more Nov 21, 2024 Dec 13, 2019 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in...Show more Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.Show less
CVE-2019-16775 5Fedoraproject NpmjsOpensuse+2 more 6Enterprise Linux Enterprise Linux EusFedora+3 more Nov 21, 2024 Dec 13, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A prop...Show more Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.Show less
CVE-2019-14849 1Redhat 13scale Nov 21, 2024 Dec 12, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized in...Show more A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.Show less
CVE-2014-0163 1Redhat 1Openshift Nov 21, 2024 Dec 11, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
CVE-2014-0026 1Redhat 1Subscription Asset Manager Nov 21, 2024 Dec 11, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 katello-headpin is vulnerable to CSRF in REST API
CVE-2013-7370 4Debian OpensuseRedhat+1 more 4Connect Debian LinuxOpenshift+1 more Nov 21, 2024 Dec 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
CVE-2013-6495 1Redhat 2Jboss Enterprise Application Platform Jboss Portal Nov 21, 2024 Dec 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JBossWeb Bayeux has reflected XSS
CVE-2019-13764 6Debian FedoraprojectGoogle+3 more 8Backports Sle ChromeDebian Linux+5 more Nov 21, 2024 Dec 10, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-13763 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
CVE-2019-13762 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
CVE-2019-13761 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2019-13759 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-13758 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2019-13757 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2019-13756 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-13755 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.
CVE-2019-13754 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2019-13753 5Canonical DebianFedoraproject+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more Nov 21, 2024 Dec 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2019-13752 5Canonical DebianFedoraproject+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more Nov 21, 2024 Dec 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2019-13751 5Canonical DebianFedoraproject+2 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more Nov 21, 2024 Dec 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Previous 1...818283...284 Next