Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13576 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-8649 | 4 Debian, Linux, Opensuse and 1 more | 6 Debian Linux, Linux Kernel, Leap and 3 more | 2024-08-04 | 5.9 Medium |
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | ||||
CVE-2020-8632 | 4 Canonical, Debian, Opensuse and 1 more | 4 Cloud-init, Debian Linux, Leap and 1 more | 2024-08-04 | 5.5 Medium |
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. | ||||
CVE-2020-8648 | 7 Broadcom, Canonical, Debian and 4 more | 14 Brocade Fabric Operating System Firmware, Ubuntu Linux, Debian Linux and 11 more | 2024-08-04 | 7.1 High |
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | ||||
CVE-2020-8597 | 5 Canonical, Debian, Point-to-point Protocol Project and 2 more | 8 Ubuntu Linux, Debian Linux, Point-to-point Protocol and 5 more | 2024-08-04 | 9.8 Critical |
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | ||||
CVE-2020-8492 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-08-04 | 6.5 Medium |
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | ||||
CVE-2020-8595 | 2 Istio, Redhat | 4 Istio, Enterprise Linux, Openshift Service Mesh and 1 more | 2024-08-04 | 7.3 High |
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. | ||||
CVE-2020-8450 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-04 | 7.3 High |
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. | ||||
CVE-2020-8449 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-04 | 7.5 High |
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. | ||||
CVE-2020-8286 | 9 Apple, Debian, Fedoraproject and 6 more | 22 Mac Os X, Macos, Debian Linux and 19 more | 2024-08-04 | 7.5 High |
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | ||||
CVE-2020-8201 | 4 Fedoraproject, Nodejs, Opensuse and 1 more | 6 Fedora, Node.js, Leap and 3 more | 2024-08-04 | 7.4 High |
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | ||||
CVE-2020-8284 | 10 Apple, Debian, Fedoraproject and 7 more | 31 Mac Os X, Macos, Debian Linux and 28 more | 2024-08-04 | 3.7 Low |
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | ||||
CVE-2020-8285 | 10 Apple, Debian, Fedoraproject and 7 more | 32 Mac Os X, Macos, Debian Linux and 29 more | 2024-08-04 | 7.5 High |
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | ||||
CVE-2020-8277 | 5 C-ares Project, Fedoraproject, Nodejs and 2 more | 10 C-ares, Fedora, Node.js and 7 more | 2024-08-04 | 7.5 High |
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. | ||||
CVE-2020-8287 | 6 Debian, Fedoraproject, Nodejs and 3 more | 7 Debian Linux, Fedora, Node.js and 4 more | 2024-08-04 | 6.5 Medium |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. | ||||
CVE-2020-8252 | 4 Fedoraproject, Nodejs, Opensuse and 1 more | 6 Fedora, Node.js, Leap and 3 more | 2024-08-04 | 7.8 High |
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | ||||
CVE-2020-8265 | 6 Debian, Fedoraproject, Nodejs and 3 more | 7 Debian Linux, Fedora, Node.js and 4 more | 2024-08-04 | 8.1 High |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. | ||||
CVE-2020-8231 | 6 Debian, Haxx, Oracle and 3 more | 6 Debian Linux, Libcurl, Communications Cloud Native Core Policy and 3 more | 2024-08-04 | 7.5 High |
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | ||||
CVE-2020-8177 | 6 Debian, Fujitsu, Haxx and 3 more | 19 Debian Linux, M10-1, M10-1 Firmware and 16 more | 2024-08-04 | 7.8 High |
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | ||||
CVE-2020-8172 | 3 Nodejs, Oracle, Redhat | 8 Node.js, Banking Extensibility Workbench, Blockchain Platform and 5 more | 2024-08-04 | 7.4 High |
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. | ||||
CVE-2020-8174 | 4 Netapp, Nodejs, Oracle and 1 more | 13 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 10 more | 2024-08-04 | 8.1 High |
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. |