Filtered by vendor Redhat
Filtered by product Enterprise Linux
Total: 15610 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13950 | 5 Apache, Debian, Fedoraproject and 2 more | 8 Http Server, Debian Linux, Fedora and 5 more | 2024-11-21 | 7.5 High |
| Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service | ||||
| CVE-2020-13935 | 8 Apache, Canonical, Debian and 5 more | 23 Tomcat, Ubuntu Linux, Debian Linux and 20 more | 2024-11-21 | 7.5 High |
| The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | ||||
| CVE-2020-13867 | 3 Fedoraproject, Redhat, Targetcli-fb Project | 3 Fedora, Enterprise Linux, Targetcli-fb | 2024-11-21 | 5.5 Medium |
| Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). | ||||
| CVE-2020-13790 | 3 Libjpeg-turbo, Mozilla, Redhat | 3 Libjpeg-turbo, Mozjpeg, Enterprise Linux | 2024-11-21 | 8.1 High |
| libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | ||||
| CVE-2020-13777 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.4 High |
| GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. | ||||
| CVE-2020-13765 | 4 Canonical, Debian, Qemu and 1 more | 4 Ubuntu Linux, Debian Linux, Qemu and 1 more | 2024-11-21 | 5.6 Medium |
| rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. | ||||
| CVE-2020-13754 | 4 Canonical, Debian, Qemu and 1 more | 5 Ubuntu Linux, Debian Linux, Qemu and 2 more | 2024-11-21 | 6.7 Medium |
| hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. | ||||
| CVE-2020-13692 | 6 Debian, Fedoraproject, Netapp and 3 more | 14 Debian Linux, Fedora, Steelstore Cloud Integrated Storage and 11 more | 2024-11-21 | 7.7 High |
| PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. | ||||
| CVE-2020-13632 | 9 Brocade, Canonical, Debian and 6 more | 14 Fabric Operating System, Ubuntu Linux, Debian Linux and 11 more | 2024-11-21 | 5.5 Medium |
| ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | ||||
| CVE-2020-13631 | 9 Apple, Brocade, Canonical and 6 more | 20 Icloud, Ipados, Iphone Os and 17 more | 2024-11-21 | 5.5 Medium |
| SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | ||||
| CVE-2020-13630 | 10 Apple, Brocade, Canonical and 7 more | 21 Icloud, Ipados, Iphone Os and 18 more | 2024-11-21 | 7.0 High |
| ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | ||||
| CVE-2020-13584 | 3 Fedoraproject, Redhat, Webkitgtk | 4 Fedora, Enterprise Linux, Rhel Els and 1 more | 2024-11-21 | 8.8 High |
| An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | ||||
| CVE-2020-13558 | 2 Redhat, Webkitgtk | 3 Enterprise Linux, Rhel Els, Webkitgtk | 2024-11-21 | 8.8 High |
| A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | ||||
| CVE-2020-13543 | 2 Redhat, Webkitgtk | 3 Enterprise Linux, Rhel Els, Webkitgtk | 2024-11-21 | 8.8 High |
| A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2020-13529 | 4 Fedoraproject, Netapp, Redhat and 1 more | 5 Fedora, Active Iq Unified Manager, Cloud Backup and 2 more | 2024-11-21 | 6.1 Medium |
| An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server. | ||||
| CVE-2020-13435 | 3 Fedoraproject, Redhat, Sqlite | 3 Fedora, Enterprise Linux, Sqlite | 2024-11-21 | 5.5 Medium |
| SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. | ||||
| CVE-2020-13434 | 8 Apple, Canonical, Debian and 5 more | 16 Icloud, Ipados, Iphone Os and 13 more | 2024-11-21 | 5.5 Medium |
| SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | ||||
| CVE-2020-13430 | 2 Grafana, Redhat | 3 Grafana, Enterprise Linux, Service Mesh | 2024-11-21 | 6.1 Medium |
| Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | ||||
| CVE-2020-13398 | 5 Canonical, Debian, Freerdp and 2 more | 7 Ubuntu Linux, Debian Linux, Freerdp and 4 more | 2024-11-21 | 8.3 High |
| An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | ||||
| CVE-2020-13397 | 5 Canonical, Debian, Freerdp and 2 more | 5 Ubuntu Linux, Debian Linux, Freerdp and 2 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | ||||