Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29443 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Advanced Virtualization and 2 more | 2024-08-04 | 3.9 Low |
| ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | ||||
| CVE-2020-29368 | 3 Linux, Netapp, Redhat | 11 Linux Kernel, Cloud Backup, Element Software and 8 more | 2024-08-04 | 7.0 High |
| An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. | ||||
| CVE-2020-29362 | 2 P11-kit Project, Redhat | 2 P11-kit, Enterprise Linux | 2024-08-04 | 5.3 Medium |
| An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. | ||||
| CVE-2020-29361 | 3 Debian, P11-kit Project, Redhat | 3 Debian Linux, P11-kit, Enterprise Linux | 2024-08-04 | 7.5 High |
| An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. | ||||
| CVE-2020-29363 | 4 Debian, Oracle, P11-kit Project and 1 more | 4 Debian Linux, Communications Cloud Native Core Policy, P11-kit and 1 more | 2024-08-04 | 7.5 High |
| An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. | ||||
| CVE-2020-29129 | 4 Debian, Fedoraproject, Libslirp Project and 1 more | 4 Debian Linux, Fedora, Libslirp and 1 more | 2024-08-04 | 4.3 Medium |
| ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | ||||
| CVE-2020-29130 | 4 Debian, Fedoraproject, Libslirp Project and 1 more | 4 Debian Linux, Fedora, Libslirp and 1 more | 2024-08-04 | 4.3 Medium |
| slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | ||||
| CVE-2020-28974 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-08-04 | 5.0 Medium |
| A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. | ||||
| CVE-2020-28949 | 5 Debian, Drupal, Fedoraproject and 2 more | 6 Debian Linux, Drupal, Fedora and 3 more | 2024-08-04 | 7.8 High |
| Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. | ||||
| CVE-2020-28948 | 5 Debian, Drupal, Fedoraproject and 2 more | 6 Debian Linux, Drupal, Fedora and 3 more | 2024-08-04 | 7.8 High |
| Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. | ||||
| CVE-2020-28916 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2024-08-04 | 5.5 Medium |
| hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | ||||
| CVE-2020-28896 | 4 Debian, Mutt, Neomutt and 1 more | 4 Debian Linux, Mutt, Neomutt and 1 more | 2024-08-04 | 5.3 Medium |
| Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. | ||||
| CVE-2020-28915 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhev Hypervisor | 2024-08-04 | 5.8 Medium |
| A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | ||||
| CVE-2020-28852 | 2 Golang, Redhat | 5 Text, Acm, Enterprise Linux and 2 more | 2024-08-04 | 7.5 High |
| In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28851 | 2 Golang, Redhat | 5 Go, Acm, Enterprise Linux and 2 more | 2024-08-04 | 7.5 High |
| In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28362 | 4 Fedoraproject, Golang, Netapp and 1 more | 12 Fedora, Go, Cloud Insights Telegraf Agent and 9 more | 2024-08-04 | 7.5 High |
| Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | ||||
| CVE-2020-28367 | 2 Golang, Redhat | 4 Go, Devtools, Enterprise Linux and 1 more | 2024-08-04 | 7.5 High |
| Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | ||||
| CVE-2020-28374 | 4 Debian, Fedoraproject, Linux and 1 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2024-08-04 | 8.1 High |
| In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. | ||||
| CVE-2020-28366 | 4 Fedoraproject, Golang, Netapp and 1 more | 7 Fedora, Go, Cloud Insights Telegraf Agent and 4 more | 2024-08-04 | 7.5 High |
| Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | ||||
| CVE-2020-28241 | 4 Debian, Fedoraproject, Maxmind and 1 more | 6 Debian Linux, Fedora, Libmaxminddb and 3 more | 2024-08-04 | 6.5 Medium |
| libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. | ||||