Vulnerabilities > Redhat > Enterprise Linux > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-17 CVE-2020-1751 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC.
local
high complexity
gnu redhat canonical CWE-787
7.0
2020-04-17 CVE-2020-11868 Origin Validation Error vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
network
low complexity
ntp redhat netapp debian opensuse CWE-346
7.5
2020-03-31 CVE-2020-10696 Path Traversal vulnerability in multiple products
A path traversal flaw was found in Buildah in versions before 1.14.5.
network
low complexity
buildah-project redhat CWE-22
8.8
2020-03-31 CVE-2020-1712 Use After Free vulnerability in multiple products
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages.
local
low complexity
systemd-project redhat debian CWE-416
7.8
2020-02-08 CVE-2012-4512 Type Confusion vulnerability in multiple products
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
network
low complexity
kde redhat CWE-843
8.8
2020-02-07 CVE-2019-15604 Improper Certificate Validation vulnerability in multiple products
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
network
low complexity
nodejs debian opensuse redhat oracle CWE-295
7.5
2020-01-27 CVE-2015-0294 Improper Certificate Validation vulnerability in multiple products
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
network
low complexity
gnu debian redhat CWE-295
7.5
2020-01-16 CVE-2019-9503 Improper Input Validation vulnerability in multiple products
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass.
high complexity
broadcom redhat CWE-20
8.3
2020-01-15 CVE-2020-2604 Deserialization of Untrusted Data vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
8.1
2020-01-14 CVE-2020-0603 Out-of-bounds Write vulnerability in multiple products
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
network
low complexity
microsoft redhat CWE-787
8.8