Filtered by vendor Redhat
Subscriptions
Total
22981 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10773 | 2 Redhat, Yarnpkg | 2 Quay, Yarn | 2024-11-21 | 7.8 High |
| In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set. | ||||
| CVE-2019-10768 | 2 Angularjs, Redhat | 4 Angular.js, Amq Broker, Jboss Fuse and 1 more | 2024-11-21 | 7.5 High |
| In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. | ||||
| CVE-2019-10747 | 2 Redhat, Set-value Project | 3 Enterprise Linux, Rhel Software Collections, Set-value | 2024-11-21 | 9.8 Critical |
| set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. | ||||
| CVE-2019-10746 | 4 Fedoraproject, Mixin-deep Project, Oracle and 1 more | 5 Fedora, Mixin-deep, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more | 2024-11-21 | 9.8 Critical |
| mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. | ||||
| CVE-2019-10744 | 5 F5, Lodash, Netapp and 2 more | 26 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 23 more | 2024-11-21 | 9.1 Critical |
| Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. | ||||
| CVE-2019-10650 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-11-21 | N/A |
| In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. | ||||
| CVE-2019-10639 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | N/A |
| The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. | ||||
| CVE-2019-10638 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | N/A |
| In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. | ||||
| CVE-2019-10432 | 2 Jenkins, Redhat | 2 Html Publisher, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those. | ||||
| CVE-2019-10431 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 9.9 Critical |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
| CVE-2019-10406 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 4.8 Medium |
| Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | ||||
| CVE-2019-10405 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. | ||||
| CVE-2019-10404 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. | ||||
| CVE-2019-10403 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. | ||||
| CVE-2019-10402 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. | ||||
| CVE-2019-10401 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). | ||||
| CVE-2019-10400 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
| CVE-2019-10399 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
| CVE-2019-10394 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. | ||||
| CVE-2019-10393 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 4.2 Medium |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. | ||||