Redhat

Enterprise Linux

1715 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 6.02%
  • Published 20.02.2020 17:15:12
  • Last modified 21.11.2024 02:10:38

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended...

Exploit
  • EPSS 1.12%
  • Published 17.02.2020 22:15:11
  • Last modified 21.11.2024 02:18:31

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

  • EPSS 0.16%
  • Published 11.02.2020 20:15:12
  • Last modified 21.11.2024 05:11:15

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with a...

  • EPSS 0.56%
  • Published 11.02.2020 20:15:11
  • Last modified 21.11.2024 05:11:13

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_s...

Exploit
  • EPSS 0.61%
  • Published 11.02.2020 19:15:10
  • Last modified 21.11.2024 01:08:51

Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full con...

Exploit
  • EPSS 12.76%
  • Published 08.02.2020 19:15:10
  • Last modified 21.11.2024 01:43:02

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

  • EPSS 1.75%
  • Published 08.02.2020 19:15:10
  • Last modified 21.11.2024 02:33:45

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fiel...

Exploit
  • EPSS 4.72%
  • Published 07.02.2020 15:15:11
  • Last modified 21.11.2024 04:29:06

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

  • EPSS 32.25%
  • Published 07.02.2020 15:15:11
  • Last modified 21.11.2024 04:29:06

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Exploit
  • EPSS 1.74%
  • Published 07.02.2020 15:15:11
  • Last modified 21.11.2024 04:29:07

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons