Filtered by vendor Redhat
Subscribe
Total
5741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14371 | 1 Redhat | 1 Satellite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite. | |||||
| CVE-2020-14370 | 3 Fedoraproject, Podman Project, Redhat | 4 Fedora, Podman, Enterprise Linux and 1 more | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables. | |||||
| CVE-2020-14369 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth. | |||||
| CVE-2020-14366 | 1 Redhat | 1 Keycloak | 2024-11-21 | 5.0 MEDIUM | 6.8 MEDIUM |
| A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw | |||||
| CVE-2020-14365 | 2 Debian, Redhat | 5 Debian Linux, Ansible Engine, Ansible Tower and 2 more | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. | |||||
| CVE-2020-14364 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 4.4 MEDIUM | 5.0 MEDIUM |
| An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. | |||||
| CVE-2020-14359 | 1 Redhat | 1 Louketo Proxy | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. | |||||
| CVE-2020-14356 | 6 Canonical, Debian, Linux and 3 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. | |||||
| CVE-2020-14355 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Leap and 7 more | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
| Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. | |||||
| CVE-2020-14352 | 3 Fedoraproject, Opensuse, Redhat | 4 Fedora, Backports Sle, Leap and 1 more | 2024-11-21 | 8.5 HIGH | 8.0 HIGH |
| A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. | |||||
| CVE-2020-14351 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-14348 | 1 Redhat | 1 Amq Online | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers. | |||||
| CVE-2020-14341 | 1 Redhat | 1 Single Sign-on | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly. | |||||
| CVE-2020-14340 | 2 Oracle, Redhat | 14 Communications Cloud Native Core Console, Communications Cloud Native Core Network Repository Function, Communications Cloud Native Core Policy and 11 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. | |||||
| CVE-2020-14339 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-14338 | 1 Redhat | 1 Xerces | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3. | |||||
| CVE-2020-14337 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-14336 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-14335 | 1 Redhat | 1 Satellite | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-14334 | 1 Redhat | 1 Satellite | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. | |||||