Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13578 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-13777 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-08-04 | 7.4 High |
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. | ||||
CVE-2020-13692 | 6 Debian, Fedoraproject, Netapp and 3 more | 14 Debian Linux, Fedora, Steelstore Cloud Integrated Storage and 11 more | 2024-08-04 | 7.7 High |
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. | ||||
CVE-2020-13631 | 9 Apple, Brocade, Canonical and 6 more | 20 Icloud, Ipados, Iphone Os and 17 more | 2024-08-04 | 5.5 Medium |
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | ||||
CVE-2020-13632 | 9 Brocade, Canonical, Debian and 6 more | 14 Fabric Operating System, Ubuntu Linux, Debian Linux and 11 more | 2024-08-04 | 5.5 Medium |
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | ||||
CVE-2020-13630 | 10 Apple, Brocade, Canonical and 7 more | 21 Icloud, Ipados, Iphone Os and 18 more | 2024-08-04 | 7.0 High |
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | ||||
CVE-2020-13584 | 3 Fedoraproject, Redhat, Webkitgtk | 3 Fedora, Enterprise Linux, Webkitgtk | 2024-08-04 | 8.8 High |
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | ||||
CVE-2020-13558 | 2 Redhat, Webkitgtk | 2 Enterprise Linux, Webkitgtk | 2024-08-04 | 8.8 High |
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | ||||
CVE-2020-13543 | 2 Redhat, Webkitgtk | 2 Enterprise Linux, Webkitgtk | 2024-08-04 | 8.8 High |
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
CVE-2020-13529 | 4 Fedoraproject, Netapp, Redhat and 1 more | 5 Fedora, Active Iq Unified Manager, Cloud Backup and 2 more | 2024-08-04 | 6.1 Medium |
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. | ||||
CVE-2020-13430 | 2 Grafana, Redhat | 3 Grafana, Enterprise Linux, Service Mesh | 2024-08-04 | 6.1 Medium |
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | ||||
CVE-2020-13434 | 8 Apple, Canonical, Debian and 5 more | 16 Icloud, Ipados, Iphone Os and 13 more | 2024-08-04 | 5.5 Medium |
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | ||||
CVE-2020-13435 | 3 Fedoraproject, Redhat, Sqlite | 3 Fedora, Enterprise Linux, Sqlite | 2024-08-04 | 5.5 Medium |
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. | ||||
CVE-2020-13396 | 5 Canonical, Debian, Freerdp and 2 more | 5 Ubuntu Linux, Debian Linux, Freerdp and 2 more | 2024-08-04 | 7.1 High |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | ||||
CVE-2020-13398 | 5 Canonical, Debian, Freerdp and 2 more | 7 Ubuntu Linux, Debian Linux, Freerdp and 4 more | 2024-08-04 | 8.3 High |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | ||||
CVE-2020-13397 | 5 Canonical, Debian, Freerdp and 2 more | 5 Ubuntu Linux, Debian Linux, Freerdp and 2 more | 2024-08-04 | 5.5 Medium |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | ||||
CVE-2020-13379 | 5 Fedoraproject, Grafana, Netapp and 2 more | 11 Fedora, Grafana, E-series Performance Analyzer and 8 more | 2024-08-04 | 8.2 High |
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. | ||||
CVE-2020-12831 | 2 Linuxfoundation, Redhat | 2 Free Range Routing, Enterprise Linux | 2024-08-04 | 5.3 Medium |
An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file | ||||
CVE-2020-11565 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-08-04 | 6.0 Medium |
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.” | ||||
CVE-2020-13249 | 4 Fedoraproject, Mariadb, Opensuse and 1 more | 7 Fedora, Connector\/c, Leap and 4 more | 2024-08-04 | 8.8 High |
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. | ||||
CVE-2020-13113 | 5 Canonical, Debian, Libexif Project and 2 more | 5 Ubuntu Linux, Debian Linux, Libexif and 2 more | 2024-08-04 | 8.2 High |
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. |