Filtered by vendor Redhat
Subscriptions
Total
22981 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14540 | 5 Canonical, Fedoraproject, Netapp and 2 more | 11 Ubuntu Linux, Fedora, Active Iq Unified Manager and 8 more | 2024-11-21 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-14539 | 5 Canonical, Fedoraproject, Netapp and 2 more | 11 Ubuntu Linux, Fedora, Active Iq Unified Manager and 8 more | 2024-11-21 | 6.5 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-14422 | 5 Fedoraproject, Opensuse, Oracle and 2 more | 6 Fedora, Leap, Enterprise Manager Ops Center and 3 more | 2024-11-21 | 5.9 Medium |
| Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. | ||||
| CVE-2020-14405 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | ||||
| CVE-2020-14397 | 6 Canonical, Debian, Libvnc Project and 3 more | 17 Ubuntu Linux, Debian Linux, Libvncserver and 14 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | ||||
| CVE-2020-14394 | 3 Fedoraproject, Qemu, Redhat | 5 Extra Packages For Enterprise Linux, Fedora, Qemu and 2 more | 2024-11-21 | 3.2 Low |
| An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. | ||||
| CVE-2020-14391 | 2 Gnome, Redhat | 6 Control Center, Enterprise Linux, Enterprise Linux Aus and 3 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-14389 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Red Hat Single Sign On | 2024-11-21 | 8.1 High |
| It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. | ||||
| CVE-2020-14388 | 1 Redhat | 1 3scale Api Management | 2024-11-21 | 6.3 Medium |
| A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission. | ||||
| CVE-2020-14386 | 5 Debian, Fedoraproject, Linux and 2 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2024-11-21 | 6.7 Medium |
| A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2020-14385 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-14384 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jbossweb | 2024-11-21 | 7.5 High |
| A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-14383 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2024-11-21 | 6.5 Medium |
| A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not. | ||||
| CVE-2020-14382 | 4 Canonical, Cryptsetup Project, Fedoraproject and 1 more | 5 Ubuntu Linux, Cryptsetup, Fedora and 2 more | 2024-11-21 | 7.8 High |
| A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory. | ||||
| CVE-2020-14380 | 1 Redhat | 2 Satellite, Satellite Capsule | 2024-11-21 | 7.5 High |
| An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite. | ||||
| CVE-2020-14379 | 1 Redhat | 1 Jboss A-mq | 2024-11-21 | 5.6 Medium |
| A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure. | ||||
| CVE-2020-14373 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. | ||||
| CVE-2020-14372 | 4 Fedoraproject, Gnu, Netapp and 1 more | 13 Fedora, Grub2, Cloud Backup and 10 more | 2024-11-21 | 7.5 High |
| A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. | ||||
| CVE-2020-14371 | 1 Redhat | 1 Satellite | 2024-11-21 | 6.5 Medium |
| A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite. | ||||
| CVE-2020-14370 | 3 Fedoraproject, Podman Project, Redhat | 6 Fedora, Podman, Enterprise Linux and 3 more | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables. | ||||