Filtered by vendor Redhat
Subscribe
Total
5668 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25712 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-25711 | 3 Infinispan, Netapp, Redhat | 3 Infinispan, Active Iq Unified Manager, Data Grid | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. | |||||
| CVE-2020-25710 | 4 Debian, Fedoraproject, Openldap and 1 more | 7 Debian Linux, Fedora, Openldap and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-25709 | 4 Apple, Debian, Openldap and 1 more | 5 Mac Os X, Macos, Debian Linux and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-25708 | 3 Debian, Libvncserver Project, Redhat | 3 Debian Linux, Libvncserver, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. | |||||
| CVE-2020-25705 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version | |||||
| CVE-2020-25692 | 3 Netapp, Openldap, Redhat | 5 Cloud Backup, Solidfire Baseboard Management Controller, Solidfire Baseboard Management Controller Firmware and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. | |||||
| CVE-2020-25689 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Oncommand Insight, Service Level Manager and 7 more | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
| A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-25688 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible. | |||||
| CVE-2020-25680 | 1 Redhat | 1 Jboss Core Services Httpd | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity. | |||||
| CVE-2020-25678 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. | |||||
| CVE-2020-25677 | 2 Ceph, Redhat | 2 Ceph-ansible, Ceph Storage | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-25662 | 1 Redhat | 1 Enterprise Linux | 2024-11-21 | 3.3 LOW | 5.3 MEDIUM |
| A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-25661 | 1 Redhat | 1 Enterprise Linux | 2024-11-21 | 8.3 HIGH | 7.5 HIGH |
| A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-25660 | 2 Fedoraproject, Redhat | 4 Fedora, Ceph, Ceph Storage and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. | |||||
| CVE-2020-25658 | 3 Fedoraproject, Python-rsa Project, Redhat | 3 Fedora, Python-rsa, Openstack Platform | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. | |||||
| CVE-2020-25657 | 3 Fedoraproject, M2crypto Project, Redhat | 4 Fedora, M2crypto, Enterprise Linux and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-25656 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-25655 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2024-11-21 | 4.0 MEDIUM | 5.7 MEDIUM |
| An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users. | |||||
| CVE-2020-25648 | 4 Fedoraproject, Mozilla, Oracle and 1 more | 6 Fedora, Network Security Services, Communications Offline Mediation Controller and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. | |||||