Vulnerabilities > Redhat > Enterprise Linux > 6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-20 | CVE-2014-4650 | Path Traversal vulnerability in multiple products The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | 9.8 |
| 2020-02-17 | CVE-2014-8089 | SQL Injection vulnerability in multiple products SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | 9.8 |
| 2020-02-08 | CVE-2012-4512 | Type Confusion vulnerability in multiple products The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." | 8.8 |
| 2020-01-31 | CVE-2015-6815 | Infinite Loop vulnerability in multiple products The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | 3.5 |
| 2020-01-16 | CVE-2019-9503 | Improper Input Validation vulnerability in multiple products The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. | 8.3 |
| 2020-01-15 | CVE-2020-2655 | Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). | 4.8 |
| 2020-01-15 | CVE-2020-2654 | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). | 3.7 |
| 2020-01-09 | CVE-2012-2142 | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | 7.8 |
| 2020-01-03 | CVE-2012-4451 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. | 6.1 |
| 2020-01-02 | CVE-2019-14864 | Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. | 6.5 |