Enterprise Linux Security Vulnerabilities and Issues — Enterprise Linux CVE List

Lucene search

RedhatEnterprise Linux

10 matches found

CVE•added 2020/02/07 3:15 p.m.•460 views

CVE-2019-15605

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

9.8CVSS9.5AI score0.43322EPSS

CVE•added 2020/02/11 8:15 p.m.•392 views

CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this fla...

7.7CVSS6.4AI score0.00758EPSS

CVE•added 2020/02/20 5:15 p.m.•358 views

CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demons...

9.8CVSS7.5AI score0.12946EPSS

CVE•added 2020/02/07 3:15 p.m.•280 views

CVE-2019-15606

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

9.8CVSS9.4AI score0.03456EPSS

CVE•added 2020/02/07 3:15 p.m.•256 views

CVE-2019-15604

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

7.5CVSS8.2AI score0.03448EPSS

CVE•added 2020/02/11 8:15 p.m.•236 views

CVE-2020-1726

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time...

5.9CVSS5.5AI score0.00163EPSS

CVE•added 2020/02/08 7:15 p.m.•207 views

CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.

9.8CVSS9AI score0.01751EPSS

CVE•added 2020/02/08 7:15 p.m.•135 views

CVE-2012-4512

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

8.8CVSS8AI score0.09042EPSS

CVE•added 2020/02/17 10:15 p.m.•121 views

CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

9.8CVSS9.8AI score0.01115EPSS

CVE•added 2020/02/11 7:15 p.m.•104 views

CVE-2009-4067

Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.

7.2CVSS7.7AI score0.00609EPSS