Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Software Collections
Subscriptions
Total
1793 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-0217 | 8 Apache, Canonical, Debian and 5 more | 16 Http Server, Ubuntu Linux, Debian Linux and 13 more | 2024-08-04 | 7.5 High |
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. | ||||
CVE-2020-36327 | 4 Bundler, Fedoraproject, Microsoft and 1 more | 7 Bundler, Fedora, Package Manager Configurations and 4 more | 2024-08-04 | 8.8 High |
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | ||||
CVE-2020-27783 | 6 Debian, Fedoraproject, Lxml and 3 more | 9 Debian Linux, Fedora, Lxml and 6 more | 2024-08-04 | 6.1 Medium |
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | ||||
CVE-2020-27619 | 4 Fedoraproject, Oracle, Python and 1 more | 5 Fedora, Communications Cloud Native Core Network Function Cloud Native Environment, Python and 2 more | 2024-08-04 | 9.8 Critical |
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | ||||
CVE-2020-26116 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-08-04 | 7.2 High |
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | ||||
CVE-2020-26137 | 5 Canonical, Debian, Oracle and 2 more | 8 Ubuntu Linux, Debian Linux, Communications Cloud Native Core Network Function Cloud Native Environment and 5 more | 2024-08-04 | 6.5 Medium |
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | ||||
CVE-2020-25695 | 3 Debian, Postgresql, Redhat | 6 Debian Linux, Postgresql, Enterprise Linux and 3 more | 2024-08-04 | 8.8 High |
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-25694 | 3 Debian, Postgresql, Redhat | 6 Debian Linux, Postgresql, Enterprise Linux and 3 more | 2024-08-04 | 8.1 High |
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-25696 | 3 Debian, Postgresql, Redhat | 6 Debian Linux, Postgresql, Enterprise Linux and 3 more | 2024-08-04 | 7.5 High |
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-25649 | 7 Apache, Fasterxml, Fedoraproject and 4 more | 50 Iotdb, Jackson-databind, Fedora and 47 more | 2024-08-04 | 7.5 High |
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | ||||
CVE-2020-25613 | 3 Fedoraproject, Redhat, Ruby-lang | 7 Fedora, Enterprise Linux, Rhel E4s and 4 more | 2024-08-04 | 7.5 High |
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. | ||||
CVE-2020-24750 | 4 Debian, Fasterxml, Oracle and 1 more | 29 Debian Linux, Jackson-databind, Agile Plm and 26 more | 2024-08-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. | ||||
CVE-2020-15366 | 2 Ajv.js, Redhat | 6 Ajv, Ansible Automation Platform, Enterprise Linux and 3 more | 2024-08-04 | 5.6 Medium |
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.) | ||||
CVE-2020-15180 | 5 Debian, Galeracluster, Mariadb and 2 more | 9 Debian Linux, Galera Cluster For Mysql, Mariadb and 6 more | 2024-08-04 | 9.0 Critical |
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. | ||||
CVE-2020-15095 | 4 Fedoraproject, Npmjs, Opensuse and 1 more | 6 Fedora, Npm, Leap and 3 more | 2024-08-04 | 4.4 Medium |
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files. | ||||
CVE-2020-14888 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Rhel Software Collections | 2024-08-04 | 4.9 Medium |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
CVE-2020-14860 | 3 Netapp, Oracle, Redhat | 7 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 4 more | 2024-08-04 | 2.7 Low |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). | ||||
CVE-2020-14861 | 3 Netapp, Oracle, Redhat | 7 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 4 more | 2024-08-04 | 4.9 Medium |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
CVE-2020-14893 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Rhel Software Collections | 2024-08-04 | 4.9 Medium |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
CVE-2020-14891 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Rhel Software Collections | 2024-08-04 | 4.9 Medium |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |