Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Extras Rt
Subscriptions
Total
482 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12364 | 3 Intel, Linux, Redhat | 4 Graphics Drivers, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. | ||||
| CVE-2020-12363 | 3 Intel, Linux, Redhat | 4 Graphics Drivers, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. | ||||
| CVE-2020-12362 | 3 Intel, Linux, Redhat | 9 Graphics Drivers, Linux Kernel, Enterprise Linux and 6 more | 2024-11-21 | 7.8 High |
| Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. | ||||
| CVE-2020-12352 | 3 Bluez, Linux, Redhat | 8 Bluez, Linux Kernel, Enterprise Linux and 5 more | 2024-11-21 | 6.5 Medium |
| Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2020-12351 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Rhel Aus and 4 more | 2024-11-21 | 8.8 High |
| Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2020-11668 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 7.1 High |
| In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | ||||
| CVE-2020-11565 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 6.0 Medium |
| An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.” | ||||
| CVE-2020-10942 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 5.3 Medium |
| In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. | ||||
| CVE-2020-10769 | 2 Opensuse, Redhat | 3 Leap, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 5.5 Medium |
| A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. | ||||
| CVE-2020-10757 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-11-21 | 7.8 High |
| A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. | ||||
| CVE-2020-10751 | 2 Kernel, Redhat | 4 Selinux, Enterprise Linux, Enterprise Linux Server and 1 more | 2024-11-21 | 6.1 Medium |
| A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. | ||||
| CVE-2020-10742 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 6.0 Medium |
| A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. | ||||
| CVE-2020-10732 | 5 Canonical, Linux, Netapp and 2 more | 33 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 30 more | 2024-11-21 | 3.3 Low |
| A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. | ||||
| CVE-2020-10711 | 5 Canonical, Debian, Linux and 2 more | 17 Ubuntu Linux, Debian Linux, Linux Kernel and 14 more | 2024-11-21 | 5.9 Medium |
| A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. | ||||
| CVE-2020-10690 | 6 Canonical, Debian, Linux and 3 more | 34 Ubuntu Linux, Debian Linux, Linux Kernel and 31 more | 2024-11-21 | 6.5 Medium |
| There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. | ||||
| CVE-2020-0466 | 2 Google, Redhat | 8 Android, Enterprise Linux, Rhel Aus and 5 more | 2024-11-21 | 7.8 High |
| In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel | ||||
| CVE-2020-0465 | 2 Google, Redhat | 3 Android, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 6.8 Medium |
| In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel | ||||
| CVE-2020-0427 | 5 Debian, Google, Opensuse and 2 more | 6 Debian Linux, Android, Leap and 3 more | 2024-11-21 | 5.5 Medium |
| In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 | ||||
| CVE-2019-9506 | 8 Apple, Blackberry, Canonical and 5 more | 280 Iphone Os, Mac Os X, Tvos and 277 more | 2024-11-21 | 8.1 High |
| The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. | ||||
| CVE-2019-9503 | 2 Broadcom, Redhat | 4 Brcmfmac Driver, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 7.9 High |
| The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. | ||||