Redhat: Security Vulnerabilities
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.074
Published
2019-12-10
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.013
Published
2019-12-10
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.031
Published
2019-12-10
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
CVSS Score
9.8
EPSS Score
0.001
Published
2019-12-10
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
CVSS Score
9.8
EPSS Score
0.008
Published
2019-12-10
JBoss KeyCloak: XSS in login-status-iframe.html
CVSS Score
6.1
EPSS Score
0.003
Published
2019-12-10
openstack-utils openstack-db has insecure password creation
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-10
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
CVSS Score
3.3
EPSS Score
0.001
Published
2019-12-06
CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Known exploited
CVSS Score
9.8
EPSS Score
0.927
Published
2019-12-06
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
CVSS Score
8.1
EPSS Score
0.007
Published
2019-12-06