Filtered by vendor Redhat Subscriptions
Filtered by product Rhel Eus Subscriptions
Total 2927 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-5208 5 Debian, Fedoraproject, Ipmitool Project and 2 more 9 Debian Linux, Fedora, Ipmitool and 6 more 2024-11-21 7.7 High
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
CVE-2020-36558 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux, Rhel Eus and 2 more 2024-11-21 5.1 Medium
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
CVE-2020-36516 3 Linux, Netapp, Redhat 32 Linux Kernel, Bootstrap Os, Cloud Volumes Ontap Mediator and 29 more 2024-11-21 5.9 Medium
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
CVE-2020-36385 4 Linux, Netapp, Redhat and 1 more 26 Linux Kernel, H300e, H300e Firmware and 23 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
CVE-2020-36329 5 Apple, Debian, Netapp and 2 more 8 Ipados, Iphone Os, Debian Linux and 5 more 2024-11-21 9.8 Critical
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36328 5 Apple, Debian, Netapp and 2 more 8 Ipados, Iphone Os, Debian Linux and 5 more 2024-11-21 9.8 Critical
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36327 4 Bundler, Fedoraproject, Microsoft and 1 more 7 Bundler, Fedora, Package Manager Configurations and 4 more 2024-11-21 8.8 High
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.
CVE-2020-36322 4 Debian, Linux, Redhat and 1 more 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more 2024-11-21 5.5 Medium
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
CVE-2020-35518 1 Redhat 4 389 Directory Server, Directory Server, Enterprise Linux and 1 more 2024-11-21 5.3 Medium
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
CVE-2020-35508 3 Linux, Netapp, Redhat 34 Linux Kernel, A700s, A700s Firmware and 31 more 2024-11-21 4.5 Medium
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
CVE-2020-35113 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2024-11-21 8.8 High
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
CVE-2020-35111 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2024-11-21 4.3 Medium
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
CVE-2020-2930 5 Canonical, Fedoraproject, Netapp and 2 more 11 Ubuntu Linux, Fedora, Active Iq Unified Manager and 8 more 2024-11-21 4.4 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2928 3 Fedoraproject, Oracle, Redhat 6 Fedora, Mysql, Enterprise Linux and 3 more 2024-11-21 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2926 3 Fedoraproject, Oracle, Redhat 6 Fedora, Mysql, Enterprise Linux and 3 more 2024-11-21 4.4 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2925 5 Canonical, Fedoraproject, Netapp and 2 more 11 Ubuntu Linux, Fedora, Active Iq Unified Manager and 8 more 2024-11-21 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2924 5 Canonical, Fedoraproject, Netapp and 2 more 11 Ubuntu Linux, Fedora, Active Iq Unified Manager and 8 more 2024-11-21 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2923 5 Canonical, Fedoraproject, Netapp and 2 more 11 Ubuntu Linux, Fedora, Active Iq Unified Manager and 8 more 2024-11-21 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2922 5 Canonical, Mariadb, Netapp and 2 more 11 Ubuntu Linux, Mariadb, Active Iq Unified Manager and 8 more 2024-11-21 3.7 Low
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2020-2921 3 Fedoraproject, Oracle, Redhat 6 Fedora, Mysql, Enterprise Linux and 3 more 2024-11-21 4.4 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).