Search Results (83515 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-10782 1 Redhat 1 Ansible Tower 2024-11-21 6.5 Medium
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.
CVE-2020-10781 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.
CVE-2020-10777 1 Redhat 2 Cloudforms, Cloudforms Managementengine 2024-11-21 5.4 Medium
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.
CVE-2020-10776 1 Redhat 3 Jboss Single Sign On, Keycloak, Red Hat Single Sign On 2024-11-21 4.8 Medium
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
CVE-2020-10762 1 Redhat 2 Gluster-block, Storage 2024-11-21 5.5 Medium
An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.
CVE-2020-10758 1 Redhat 5 Jboss Single Sign On, Keycloak, Openshift Application Runtimes and 2 more 2024-11-21 7.5 High
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
CVE-2020-10753 5 Canonical, Fedoraproject, Linuxfoundation and 2 more 6 Ubuntu Linux, Fedora, Ceph and 3 more 2024-11-21 5.4 Medium
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
CVE-2020-10748 1 Redhat 3 Jboss Single Sign On, Keycloak, Single Sign-on 2024-11-21 6.1 Medium
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
CVE-2020-10742 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2024-11-21 6.0 Medium
A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.
CVE-2020-10718 1 Redhat 5 Jboss Enterprise Application Platform, Jboss Fuse, Jboss Single Sign On and 2 more 2024-11-21 7.5 High
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.
CVE-2020-10717 2 Qemu, Redhat 2 Qemu, Advanced Virtualization 2024-11-21 3.3 Low
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.
CVE-2020-10713 5 Debian, Gnu, Opensuse and 2 more 10 Debian Linux, Grub2, Leap and 7 more 2024-11-21 8.2 High
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-10705 2 Netapp, Redhat 6 Oncommand Insight, Enterprise Linux, Jboss Enterprise Application Platform and 3 more 2024-11-21 7.5 High
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
CVE-2020-10699 2 Redhat, Targetcli-fb Project 2 Enterprise Linux, Targetcli-fb 2024-11-21 7.8 High
A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.
CVE-2020-10688 1 Redhat 7 Enterprise Linux, Fuse, Jboss Enterprise Application Platform and 4 more 2024-11-21 6.1 Medium
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
CVE-2020-10681 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
CVE-2020-10674 1 Perlspeak Project 1 Perlspeak 2024-11-21 9.8 Critical
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.
CVE-2020-10670 1 Canon 2 Oce Colorwave 500, Oce Colorwave 500 Firmware 2024-11-21 6.1 Medium
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version.
CVE-2020-10668 1 Canon 2 Oce Colorwave 500, Oce Colorwave 500 Firmware 2024-11-21 6.1 Medium
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.
CVE-2020-10667 1 Canon 2 Oce Colorwave 500, Oce Colorwave 500 Firmware 2024-11-21 6.1 Medium
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version.