Vulnerabilities > Redhat > Enterprise Linux > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-31 CVE-2020-1712 Use After Free vulnerability in multiple products
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages.
local
low complexity
systemd-project redhat debian CWE-416
7.8
2020-02-08 CVE-2012-4512 Type Confusion vulnerability in multiple products
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
network
low complexity
kde redhat CWE-843
8.8
2020-02-07 CVE-2019-15604 Improper Certificate Validation vulnerability in multiple products
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
network
low complexity
nodejs debian opensuse redhat oracle CWE-295
7.5
2020-01-27 CVE-2015-0294 Improper Certificate Validation vulnerability in multiple products
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
network
low complexity
gnu debian redhat CWE-295
7.5
2020-01-16 CVE-2019-9503 Improper Input Validation vulnerability in multiple products
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass.
high complexity
broadcom redhat CWE-20
8.3
2020-01-15 CVE-2020-2604 Deserialization of Untrusted Data vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
8.1
2020-01-14 CVE-2020-0603 Out-of-bounds Write vulnerability in multiple products
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
network
low complexity
microsoft redhat CWE-787
8.8
2020-01-14 CVE-2020-0602 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
network
low complexity
microsoft redhat
7.5
2020-01-13 CVE-2020-6851 Out-of-bounds Write vulnerability in multiple products
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
7.5
2020-01-09 CVE-2012-2142 The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
local
low complexity
freedesktop xpdfreader redhat opensuse
7.8