Vulnerabilities in Red Hat
1,478 resultsCVE-2023-5869HIGHPostgresql: buffer overrun from integer overflow in array modificationEPSS 4.3%CVE-2020-1693HIGHA flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unautheEPSS 4.2%CVE-2023-32252HIGHSession null pointer dereference denial-of-service vulnerabilityEPSS 4.1%CVE-2023-32248HIGHTree connection null pointer dereference denial-of-service vulnerabilityEPSS 4.1%CVE-2020-1711HIGHAn out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a responseEPSS 4.0%CVE-2019-14893HIGHA flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserializatEPSS 4.0%CVE-2016-7041MEDIUMDrools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory EPSS 4.0%CVE-2023-32247HIGHSession setup memory exhaustion denial-of-service vulnerabilityEPSS 3.9%CVE-2019-19334HIGHIn all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of tEPSS 3.9%CVE-2016-9577HIGHA vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messaEPSS 3.8%CVE-2019-19333HIGHIn all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of tEPSS 3.6%CVE-2023-5685HIGHXnio: stackoverflowexception when the chain of notifier states becomes problematically bigEPSS 3.5%CVE-2020-1764HIGHA hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote atEPSS 3.5%CVE-2020-10704HIGHA flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active DirecEPSS 3.5%CVE-2019-3888MEDIUMA vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because EPSS 3.4%CVE-2018-10907HIGHIt was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fEPSS 3.4%CVE-2018-10929HIGHA flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitraryEPSS 3.3%CVE-2016-8628HIGHAnsible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to creEPSS 3.3%CVE-2019-14889HIGHA flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects tEPSS 3.2%CVE-2019-14907MEDIUMAll samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3"EPSS 3.2%