Redhat: Security Vulnerabilities
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2019-11-04
The plural form formula in the ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.046 | Published: 2019-11-04
The extract_group_icon_cursor_resource function in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2019-11-04
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2019-11-04
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-11-04
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-11-04
Insecure temporary file vulnerability in RedHat vsdm 4.9.6.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2019-11-04
JBoss AeroGear has reflected XSS via the password field.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-11-04
CloudForms stores user passwords in a recoverable format.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2019-11-04
RHUI (Red Hat Update Infrastructure) 2.1.3 has world-readable PKI entitlement certificates.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2019-11-04

