Total
1918 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11793 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 5 Ubuntu Linux, Fedora, Leap and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). | |||||
| CVE-2020-11765 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipados, Iphone Os and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. | |||||
| CVE-2020-11764 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipados, Iphone Os and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. | |||||
| CVE-2020-11763 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipados, Iphone Os and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. | |||||
| CVE-2020-11762 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipados, Iphone Os and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. | |||||
| CVE-2020-11760 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipados, Iphone Os and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. | |||||
| CVE-2020-11758 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipados, Iphone Os and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. | |||||
| CVE-2020-11741 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 6.9 MEDIUM | 8.8 HIGH |
| An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out. | |||||
| CVE-2020-11740 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed. | |||||
| CVE-2020-11739 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. | |||||
| CVE-2020-11669 | 3 Linux, Opensuse, Redhat | 3 Linux Kernel, Leap, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. | |||||
| CVE-2020-11653 | 4 Debian, Opensuse, Varnish-cache and 1 more | 5 Debian Linux, Backports Sle, Leap and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. | |||||
| CVE-2020-11647 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Leap, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. | |||||
| CVE-2020-11526 | 4 Canonical, Debian, Freerdp and 1 more | 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more | 2024-11-21 | 3.5 LOW | 2.2 LOW |
| libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. | |||||
| CVE-2020-11525 | 4 Canonical, Debian, Freerdp and 1 more | 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more | 2024-11-21 | 3.5 LOW | 2.2 LOW |
| libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. | |||||
| CVE-2020-11524 | 3 Canonical, Freerdp, Opensuse | 3 Ubuntu Linux, Freerdp, Leap | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
| libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | |||||
| CVE-2020-11523 | 4 Canonical, Debian, Freerdp and 1 more | 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
| libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. | |||||
| CVE-2020-11522 | 4 Canonical, Debian, Freerdp and 1 more | 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. | |||||
| CVE-2020-11521 | 4 Canonical, Debian, Freerdp and 1 more | 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
| libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | |||||
| CVE-2020-11501 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. | |||||