Vulnerabilities > Redhat > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-07 | CVE-2019-15604 | Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | 7.5 |
| 2020-02-06 | CVE-2013-4166 | Information Exposure vulnerability in multiple products The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | 7.5 |
| 2020-01-31 | CVE-2014-8141 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-31 | CVE-2014-8140 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-31 | CVE-2014-8139 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 7.8 |
| 2020-01-27 | CVE-2020-7238 | HTTP Request Smuggling vulnerability in multiple products Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. | 7.5 |
| 2020-01-16 | CVE-2019-9503 | Improper Input Validation vulnerability in multiple products The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. | 7.9 |
| 2020-01-15 | CVE-2020-2604 | Deserialization of Untrusted Data vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). | 8.1 |
| 2020-01-14 | CVE-2015-3159 | Unspecified vulnerability in Redhat Automatic BUG Reporting Tool The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges. | 7.8 |
| 2020-01-14 | CVE-2015-3151 | Path Traversal vulnerability in Redhat Automatic BUG Reporting Tool Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method. | 7.8 |