Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-04 CVE-2020-8659 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e.
network
low complexity
cncf redhat debian CWE-770
7.5
7.5
2020-03-03 CVE-2020-1734 Unspecified vulnerability in Redhat Ansible Engine and Ansible Tower
A flaw was found in the pipe lookup plugin of ansible.
local
high complexity
redhat
7.4
7.4
2020-02-27 CVE-2020-6418 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject redhat debian CWE-843
8.8
8.8
2020-02-27 CVE-2020-6386 Use After Free vulnerability in multiple products
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject redhat debian CWE-416
8.8
8.8
2020-02-27 CVE-2020-6384 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject redhat debian CWE-416
8.8
8.8
2020-02-27 CVE-2020-6383 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject redhat debian CWE-843
8.8
8.8
2020-02-25 CVE-2015-5201 Missing Authentication for Critical Function vulnerability in Redhat products
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.
network
low complexity
redhat CWE-306
7.5
7.5
2020-02-19 CVE-2012-6685 XML Entity Expansion vulnerability in multiple products
Nokogiri before 1.5.4 is vulnerable to XXE attacks
network
low complexity
nokogiri redhat CWE-776
7.5
7.5
2020-02-17 CVE-2020-1704 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Service Mesh 1.0/1.0.7
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container.
local
low complexity
redhat CWE-732
7.8
7.8
2020-02-13 CVE-2020-3757 Type Confusion vulnerability in multiple products
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability.
network
low complexity
adobe redhat CWE-843
8.8
8.8