Filtered by vendor Redhat Subscriptions
Filtered by product Rhosemc Subscriptions
Total 105 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-11022 9 Debian, Drupal, Fedoraproject and 6 more 88 Debian Linux, Drupal, Fedora and 85 more 2024-11-21 6.9 Medium
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-10695 1 Redhat 3 Red Hat Single Sign On, Rhosemc, Single Sign-on 2024-11-21 7.8 High
An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.
CVE-2019-11358 11 Backdropcms, Debian, Drupal and 8 more 114 Backdrop, Debian Linux, Drupal and 111 more 2024-11-21 6.1 Medium
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2018-14042 2 Getbootstrap, Redhat 6 Bootstrap, Enterprise Linux, Jboss Enterprise Application Platform and 3 more 2024-11-21 N/A
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CVE-2018-14040 3 Debian, Getbootstrap, Redhat 6 Debian Linux, Bootstrap, Enterprise Linux and 3 more 2024-11-21 N/A
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.