Filtered by vendor Redhat Subscriptions
Filtered by product Enterprise Linux Subscriptions
Total 15491 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-8174 4 Netapp, Nodejs, Oracle and 1 more 13 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 10 more 2024-11-21 8.1 High
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
CVE-2020-8172 3 Nodejs, Oracle, Redhat 8 Node.js, Banking Extensibility Workbench, Blockchain Platform and 5 more 2024-11-21 7.4 High
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
CVE-2020-8116 2 Dot-prop Project, Redhat 4 Dot-prop, Enterprise Linux, Rhel Eus and 1 more 2024-11-21 7.3 High
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
CVE-2020-8112 3 Debian, Redhat, Uclouvain 4 Debian Linux, Enterprise Linux, Rhel E4s and 1 more 2024-11-21 8.8 High
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
CVE-2020-8037 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2024-11-21 7.5 High
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVE-2020-7788 3 Debian, Ini Project, Redhat 5 Debian Linux, Ini, Enterprise Linux and 2 more 2024-11-21 7.3 High
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-7774 4 Oracle, Redhat, Siemens and 1 more 7 Graalvm, Enterprise Linux, Openshift and 4 more 2024-11-21 7.3 High
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
CVE-2020-7754 2 Npmjs, Redhat 3 Npm-user-validate, Enterprise Linux, Rhel Software Collections 2024-11-21 7.5 High
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
CVE-2020-7656 5 Jquery, Juniper, Netapp and 2 more 9 Jquery, Junos, Active Iq Unified Manager and 6 more 2024-11-21 6.1 Medium
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-7608 2 Redhat, Yargs 5 Enterprise Linux, Openshift Container Storage, Quay and 2 more 2024-11-21 5.3 Medium
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
CVE-2020-7598 3 Opensuse, Redhat, Substack 9 Leap, Enterprise Linux, Openshift and 6 more 2024-11-21 5.6 Medium
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
CVE-2020-7595 8 Canonical, Debian, Fedoraproject and 5 more 35 Ubuntu Linux, Debian Linux, Fedora and 32 more 2024-11-21 7.5 High
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2020-7140 3 Hp, Microsoft, Redhat 4 Icewall Sso Dfw, Icewall Sso Dgfw, Windows and 1 more 2024-11-21 6.1 Medium
A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess
CVE-2020-7071 4 Debian, Netapp, Php and 1 more 5 Debian Linux, Clustered Data Ontap, Php and 2 more 2024-11-21 5.3 Medium
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
CVE-2020-7070 8 Canonical, Debian, Fedoraproject and 5 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 4.3 Medium
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
CVE-2020-7069 9 Canonical, Debian, Fedoraproject and 6 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 5.4 Medium
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2020-7068 4 Debian, Php, Redhat and 1 more 5 Debian Linux, Php, Enterprise Linux and 2 more 2024-11-21 4.8 Medium
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
CVE-2020-7066 5 Debian, Opensuse, Php and 2 more 6 Debian Linux, Leap, Php and 3 more 2024-11-21 5.3 Medium
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.
CVE-2020-7065 5 Canonical, Debian, Php and 2 more 6 Ubuntu Linux, Debian Linux, Php and 3 more 2024-11-21 7.4 High
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
CVE-2020-7064 6 Canonical, Debian, Opensuse and 3 more 7 Ubuntu Linux, Debian Linux, Leap and 4 more 2024-11-21 6.5 Medium
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.