Redhat: Security Vulnerabilities
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
CVSS Score
8.8
EPSS Score
0.109
Published
2020-01-14
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-01-14
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-01-14
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.
CVSS Score
7.1
EPSS Score
0.0
Published
2020-01-14
Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-01-14
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-01-14
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
CVSS Score
7.8
EPSS Score
0.01
Published
2020-01-14
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-01-13
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.029
Published
2020-01-10
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
CVSS Score
3.3
EPSS Score
0.002
Published
2020-01-09