Export limit exceeded: 75649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75649 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10758 | 1 Redhat | 5 Jboss Single Sign On, Keycloak, Openshift Application Runtimes and 2 more | 2024-11-21 | 7.5 High |
| A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. | ||||
| CVE-2020-10757 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-11-21 | 7.8 High |
| A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. | ||||
| CVE-2020-10752 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 7.5 High |
| A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token. | ||||
| CVE-2020-10750 | 2 Linuxfoundation, Redhat | 2 Jaeger, Jaeger | 2024-11-21 | 7.1 High |
| Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials. | ||||
| CVE-2020-10745 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-10739 | 2 Istio, Redhat | 2 Istio, Service Mesh | 2024-11-21 | 7.5 High |
| Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service. | ||||
| CVE-2020-10738 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 High |
| A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. | ||||
| CVE-2020-10736 | 1 Linuxfoundation | 1 Ceph | 2024-11-21 | 8 High |
| An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. | ||||
| CVE-2020-10733 | 1 Postgresql | 1 Postgresql | 2024-11-21 | 7.3 High |
| The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights. | ||||
| CVE-2020-10728 | 1 Automationbroker | 1 Apb | 2024-11-21 | 7.8 High |
| A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-10725 | 5 Dpdk, Fedoraproject, Opensuse and 2 more | 6 Data Plane Development Kit, Fedora, Leap and 3 more | 2024-11-21 | 7.7 High |
| A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. | ||||
| CVE-2020-10721 | 1 Redhat | 1 Fabric8-maven | 2024-11-21 | 7.8 High |
| A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-10718 | 1 Redhat | 5 Jboss Enterprise Application Platform, Jboss Fuse, Jboss Single Sign On and 2 more | 2024-11-21 | 7.5 High |
| A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-10714 | 2 Netapp, Redhat | 13 Oncommand Insight, Codeready Studio, Descision Manager and 10 more | 2024-11-21 | 7.5 High |
| A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-10713 | 5 Debian, Gnu, Opensuse and 2 more | 10 Debian Linux, Grub2, Leap and 7 more | 2024-11-21 | 8.2 High |
| A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-10712 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 7 High |
| A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity. | ||||
| CVE-2020-10709 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 7.1 High |
| A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6. | ||||
| CVE-2020-10705 | 2 Netapp, Redhat | 6 Oncommand Insight, Enterprise Linux, Jboss Enterprise Application Platform and 3 more | 2024-11-21 | 7.5 High |
| A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service. | ||||
| CVE-2020-10704 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. | ||||
| CVE-2020-10699 | 2 Redhat, Targetcli-fb Project | 2 Enterprise Linux, Targetcli-fb | 2024-11-21 | 7.8 High |
| A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root. | ||||