Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15490 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1763 | 2 Libreswan, Redhat | 4 Libreswan, Enterprise Linux, Rhel E4s and 1 more | 2024-11-21 | 7.5 High |
| An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. | ||||
| CVE-2020-1752 | 5 Canonical, Debian, Gnu and 2 more | 10 Ubuntu Linux, Debian Linux, Glibc and 7 more | 2024-11-21 | 7 High |
| A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. | ||||
| CVE-2020-1751 | 3 Canonical, Gnu, Redhat | 3 Ubuntu Linux, Glibc, Enterprise Linux | 2024-11-21 | 5.1 Medium |
| An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-1749 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | ||||
| CVE-2020-1747 | 5 Fedoraproject, Opensuse, Oracle and 2 more | 5 Fedora, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more | 2024-11-21 | 9.8 Critical |
| A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. | ||||
| CVE-2020-1730 | 6 Canonical, Fedoraproject, Libssh and 3 more | 7 Ubuntu Linux, Fedora, Libssh and 4 more | 2024-11-21 | 5.3 Medium |
| A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. | ||||
| CVE-2020-1726 | 2 Libpod Project, Redhat | 4 Libpod, Enterprise Linux, Openshift and 1 more | 2024-11-21 | 5.9 Medium |
| A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0. | ||||
| CVE-2020-1722 | 2 Freeipa, Redhat | 2 Freeipa, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-1721 | 2 Dogtagpki, Redhat | 3 Dogtagpki, Enterprise Linux, Rhel Eus | 2024-11-21 | 6.1 Medium |
| A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. | ||||
| CVE-2020-1720 | 2 Postgresql, Redhat | 8 Postgresql, Decision Manager, Enterprise Linux and 5 more | 2024-11-21 | 3.1 Low |
| A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. | ||||
| CVE-2020-1711 | 4 Debian, Opensuse, Qemu and 1 more | 9 Debian Linux, Leap, Qemu and 6 more | 2024-11-21 | 7.7 High |
| An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. | ||||
| CVE-2020-1702 | 2 Containers-image Project, Redhat | 4 Containers-image, Enterprise Linux, Openshift and 1 more | 2024-11-21 | 3.3 Low |
| A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0. | ||||
| CVE-2020-1695 | 2 Fedoraproject, Redhat | 9 Fedora, Enterprise Linux, Jboss Data Grid and 6 more | 2024-11-21 | 7.5 High |
| A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. | ||||
| CVE-2020-1597 | 3 Fedoraproject, Microsoft, Redhat | 6 Fedora, Asp.net Core, Visual Studio 2017 and 3 more | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. | ||||
| CVE-2020-1161 | 2 Microsoft, Redhat | 5 Asp.net Core, Visual Studio 2017, Visual Studio 2019 and 2 more | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | ||||
| CVE-2020-1108 | 2 Microsoft, Redhat | 17 .net, .net Core, .net Framework and 14 more | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. | ||||
| CVE-2020-1045 | 3 Fedoraproject, Microsoft, Redhat | 7 Fedora, Asp.net Core, Enterprise Linux and 4 more | 2024-11-21 | 7.5 High |
| <p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p> | ||||
| CVE-2020-19131 | 3 Debian, Redhat, Simplesystems | 3 Debian Linux, Enterprise Linux, Libtiff | 2024-11-21 | 7.5 High |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". | ||||
| CVE-2020-18898 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. | ||||
| CVE-2020-18652 | 2 Exempi Project, Redhat | 2 Exempi, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. | ||||