Redhat

Enterprise Linux

1857 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.66%
  • Veröffentlicht 18.03.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:30

A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that ...

  • EPSS 1.18%
  • Veröffentlicht 17.03.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:14

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et...

Exploit
  • EPSS 24.7%
  • Veröffentlicht 20.02.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 02:10:38

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended...

Exploit
  • EPSS 2.55%
  • Veröffentlicht 17.02.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 02:18:31

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

  • EPSS 1.85%
  • Veröffentlicht 11.02.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:11:15

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with a...

  • EPSS 4.02%
  • Veröffentlicht 11.02.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:13

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_s...

Exploit
  • EPSS 2.06%
  • Veröffentlicht 11.02.2020 19:15:10
  • Zuletzt bearbeitet 21.11.2024 01:08:51

Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full con...

Exploit
  • EPSS 11.66%
  • Veröffentlicht 08.02.2020 19:15:10
  • Zuletzt bearbeitet 21.11.2024 01:43:02

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

  • EPSS 2.7%
  • Veröffentlicht 08.02.2020 19:15:10
  • Zuletzt bearbeitet 21.11.2024 02:33:45

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fiel...

Exploit
  • EPSS 20.46%
  • Veröffentlicht 07.02.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:06

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate