Filtered by vendor Redhat
Subscribe
Total
5742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14300 | 2 Docker, Redhat | 2 Docker, Enterprise Linux Server | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected. | |||||
| CVE-2020-14299 | 1 Redhat | 3 Jboss Enterprise Application Platform, Openshift Application Runtimes, Single Sign-on | 2024-11-21 | 6.3 MEDIUM | 6.5 MEDIUM |
| A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability. | |||||
| CVE-2020-14298 | 2 Docker, Redhat | 3 Docker, Enterprise Linux Server, Openshift Container Platform | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected. | |||||
| CVE-2020-14297 | 1 Redhat | 6 Amq, Jboss-ejb-client, Jboss Enterprise Application Platform Continuous Delivery and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable. | |||||
| CVE-2020-14296 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible. | |||||
| CVE-2020-12826 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 4.4 MEDIUM | 5.3 MEDIUM |
| A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. | |||||
| CVE-2020-12685 | 1 Redhat | 1 Interchange | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. | |||||
| CVE-2020-12458 | 3 Fedoraproject, Grafana, Redhat | 4 Fedora, Grafana, Ceph Storage and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). | |||||
| CVE-2020-12430 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. | |||||
| CVE-2020-11669 | 3 Linux, Opensuse, Redhat | 3 Linux Kernel, Leap, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. | |||||
| CVE-2020-11100 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. | |||||
| CVE-2020-10783 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
| Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files. | |||||
| CVE-2020-10782 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1. | |||||
| CVE-2020-10780 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 4.9 MEDIUM | 6.3 MEDIUM |
| Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities. | |||||
| CVE-2020-10779 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms. | |||||
| CVE-2020-10778 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 6.5 MEDIUM | 6.0 MEDIUM |
| In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior. | |||||
| CVE-2020-10777 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. | |||||
| CVE-2020-10776 | 1 Redhat | 1 Keycloak | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. | |||||
| CVE-2020-10775 | 2 Oracle, Redhat | 2 Virtualization, Ovirt-engine | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality. | |||||
| CVE-2020-10772 | 2 Nlnetlabs, Redhat | 2 Unbound, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound. | |||||