Vulnerabilities > Redhat > Enterprise Linux
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-31 | CVE-2020-10696 | Path Traversal vulnerability in multiple products: A path traversal flaw was found in Buildah in versions before 1.14.5. | 8.8 |
2020-03-31 | CVE-2020-1712 | Use After Free vulnerability in multiple products: A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. | 7.8 |
2020-03-20 | CVE-2019-10221 | Cross-site Scripting vulnerability in multiple products: A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. | 6.1 |
2020-03-20 | CVE-2019-10179 | A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. | 6.1 |
2020-03-18 | CVE-2019-10146 | A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. | 4.7 |
2020-03-17 | CVE-2020-1720 | Missing Authorization vulnerability in multiple products: A flaw was found in PostgreSQL's "ALTER ... | 6.5 |
2020-02-20 | CVE-2014-4650 | Path Traversal vulnerability in multiple products: The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | 9.8 |
2020-02-17 | CVE-2014-8089 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | 9.8 |
2020-02-11 | CVE-2020-1726 | A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. | 5.9 |
2020-02-11 | CVE-2020-1711 | Out-of-bounds Write vulnerability in multiple products: An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. | 6.0 |