Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36385 | 4 Linux, Netapp, Redhat and 1 more | 26 Linux Kernel, H300e, H300e Firmware and 23 more | 2024-08-04 | 7.8 High |
| An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. | ||||
| CVE-2020-36328 | 5 Apple, Debian, Netapp and 2 more | 8 Ipados, Iphone Os, Debian Linux and 5 more | 2024-08-04 | 9.8 Critical |
| A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-36327 | 4 Bundler, Fedoraproject, Microsoft and 1 more | 7 Bundler, Fedora, Package Manager Configurations and 4 more | 2024-08-04 | 8.8 High |
| Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | ||||
| CVE-2020-36329 | 5 Apple, Debian, Netapp and 2 more | 8 Ipados, Iphone Os, Debian Linux and 5 more | 2024-08-04 | 9.8 Critical |
| A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-36318 | 2 Redhat, Rust-lang | 3 Devtools, Enterprise Linux, Rust | 2024-08-04 | 9.8 Critical |
| In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free. | ||||
| CVE-2020-36332 | 4 Debian, Netapp, Redhat and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more | 2024-08-04 | 7.5 High |
| A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | ||||
| CVE-2020-36322 | 4 Debian, Linux, Redhat and 1 more | 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more | 2024-08-04 | 5.5 Medium |
| An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. | ||||
| CVE-2020-36312 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-04 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. | ||||
| CVE-2020-36317 | 2 Redhat, Rust-lang | 3 Devtools, Enterprise Linux, Rust | 2024-08-04 | 7.5 High |
| In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string. | ||||
| CVE-2020-36241 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gnome-autoar, Enterprise Linux | 2024-08-04 | 5.5 Medium |
| autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | ||||
| CVE-2020-36314 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, File-roller, Enterprise Linux | 2024-08-04 | 3.9 Low |
| fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. | ||||
| CVE-2020-36158 | 5 Debian, Fedoraproject, Linux and 2 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2024-08-04 | 8.8 High |
| mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. | ||||
| CVE-2020-36193 | 5 Debian, Drupal, Fedoraproject and 2 more | 6 Debian Linux, Drupal, Fedora and 3 more | 2024-08-04 | 7.5 High |
| Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | ||||
| CVE-2020-36024 | 2 Freedesktop, Redhat | 2 Poppler, Enterprise Linux | 2024-08-04 | 5.5 Medium |
| An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | ||||
| CVE-2020-35655 | 3 Fedoraproject, Python, Redhat | 3 Fedora, Pillow, Enterprise Linux | 2024-08-04 | 5.4 Medium |
| In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | ||||
| CVE-2020-35653 | 4 Debian, Fedoraproject, Python and 1 more | 5 Debian Linux, Fedora, Pillow and 2 more | 2024-08-04 | 7.1 High |
| In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | ||||
| CVE-2020-35518 | 1 Redhat | 4 389 Directory Server, Directory Server, Enterprise Linux and 1 more | 2024-08-04 | 5.3 Medium |
| When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. | ||||
| CVE-2020-35527 | 3 Netapp, Redhat, Sqlite | 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Sqlite | 2024-08-04 | 9.8 Critical |
| In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. | ||||
| CVE-2020-35524 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-08-04 | 7.8 High |
| A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2020-35521 | 4 Fedoraproject, Libtiff, Netapp and 1 more | 4 Fedora, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2024-08-04 | 5.5 Medium |
| A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. | ||||