Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-13728 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-13727 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2019-13726 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2019-13725 4Debian FedoraprojectGoogle+1 more 7Chrome Debian LinuxEnterprise Linux Desktop+4 more Nov 21, 2024 Dec 10, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2013-2167 3Debian OpenstackRedhat 3Debian Linux OpenstackPython Keystoneclient Nov 21, 2024 Dec 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
CVE-2013-2166 4Debian FedoraprojectOpenstack+1 more 4Debian Linux FedoraOpenstack+1 more Nov 21, 2024 Dec 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
CVE-2014-3656 1Redhat 1Jboss Keycloak Nov 21, 2024 Dec 10, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JBoss KeyCloak: XSS in login-status-iframe.html
CVE-2013-1793 1Redhat 2Openstack Openstack Essex Nov 21, 2024 Dec 10, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 openstack-utils openstack-db has insecure password creation
CVE-2012-2148 1Redhat 2Jboss Community Application Server Jboss Enterprise Web Server Nov 21, 2024 Dec 6, 2019 N/A· v4 3.3 LOW· v3 1.9 LOW· v2 An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
CVE-2019-5544 4Fedoraproject OpenslpRedhat+1 more 16Enterprise Linux Desktop Enterprise Linux For Ibm Z SystemsEnterprise Linux For Ibm Z Systems Eus+13 more Oct 30, 2025 Dec 6, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVE-2019-19334 3Cesnet FedoraprojectRedhat 3Enterprise Linux FedoraLibyang Nov 21, 2024 Dec 6, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG file...Show more In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.Show less
CVE-2019-19333 2Cesnet Redhat 2Enterprise Linux Libyang Nov 21, 2024 Dec 6, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may b...Show more In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.Show less
CVE-2019-19624 2Opencv Redhat 2Enterprise Linux Opencv Nov 21, 2024 Dec 6, 2019 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, t...Show more An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.Show less
CVE-2019-11255 2Kubernetes Redhat 4External Provisioner External ResizerExternal Snapshotter+1 more Nov 21, 2024 Dec 5, 2019 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2)...Show more Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.Show less
CVE-2019-14910 1Redhat 1Keycloak Nov 21, 2024 Dec 5, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if inv...Show more A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.Show less
CVE-2013-0163 1Redhat 1Openshift Nov 21, 2024 Dec 5, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
CVE-2019-14909 1Redhat 1Keycloak Nov 21, 2024 Dec 4, 2019 N/A· v4 8.3 HIGH· v3 7.5 HIGH· v2 A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
CVE-2019-13456 3Freeradius OpensuseRedhat 3Enterprise Linux FreeradiusLeap Nov 21, 2024 Dec 3, 2019 N/A· v4 6.5 MEDIUM· v3 2.9 LOW· v2 In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an atta...Show more In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.Show less
CVE-2013-4486 1Redhat 1Zanata Nov 21, 2024 Dec 3, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging
CVE-2013-4235 3Debian FedoraprojectRedhat 4Debian Linux Enterprise LinuxFedora+1 more Nov 21, 2024 Dec 3, 2019 N/A· v4 4.7 MEDIUM· v3 3.3 LOW· v2 shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Previous 1...838485...284 Next