Export limit exceeded: 44179 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23141 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23141 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1701 | 2 Kubevirt, Redhat | 2 Kubevirt, Container Native Virtualization | 2024-11-21 | 6.5 Medium |
| A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret. | ||||
| CVE-2020-1700 | 4 Canonical, Ceph, Opensuse and 1 more | 4 Ubuntu Linux, Ceph, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. | ||||
| CVE-2020-1699 | 2 Linuxfoundation, Redhat | 2 Ceph, Ceph Storage | 2024-11-21 | 7.5 High |
| A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard. | ||||
| CVE-2020-1698 | 1 Redhat | 3 Keycloak, Openshift Application Runtimes, Red Hat Single Sign On | 2024-11-21 | 5 Medium |
| A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2020-1697 | 1 Redhat | 4 Jboss Single Sign On, Keycloak, Openshift Application Runtimes and 1 more | 2024-11-21 | 6.1 Medium |
| It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks. | ||||
| CVE-2020-1696 | 2 Dogtagpki, Redhat | 3 Dogtagpki, Certificate System, Certificate System Eus | 2024-11-21 | 4.6 Medium |
| A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code. | ||||
| CVE-2020-1695 | 2 Fedoraproject, Redhat | 9 Fedora, Enterprise Linux, Jboss Data Grid and 6 more | 2024-11-21 | 7.5 High |
| A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. | ||||
| CVE-2020-1694 | 1 Redhat | 2 Jboss Single Sign On, Keycloak | 2024-11-21 | 4.9 Medium |
| A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions. | ||||
| CVE-2020-1693 | 1 Redhat | 1 Spacewalk | 2024-11-21 | 8.6 High |
| A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server. | ||||
| CVE-2020-1690 | 1 Redhat | 3 Openstack, Openstack-selinux, Openstack Platform | 2024-11-21 | 6.5 Medium |
| An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected. | ||||
| CVE-2020-1161 | 2 Microsoft, Redhat | 5 Asp.net Core, Visual Studio 2017, Visual Studio 2019 and 2 more | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | ||||
| CVE-2020-1108 | 2 Microsoft, Redhat | 17 .net, .net Core, .net Framework and 14 more | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. | ||||
| CVE-2020-19131 | 3 Debian, Redhat, Simplesystems | 3 Debian Linux, Enterprise Linux, Libtiff | 2024-11-21 | 7.5 High |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". | ||||
| CVE-2020-18898 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. | ||||
| CVE-2020-18652 | 2 Exempi Project, Redhat | 2 Exempi, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. | ||||
| CVE-2020-18651 | 2 Exempi Project, Redhat | 2 Exempi, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. | ||||
| CVE-2020-18032 | 4 Debian, Fedoraproject, Graphviz and 1 more | 4 Debian Linux, Fedora, Graphviz and 1 more | 2024-11-21 | 7.8 High |
| Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. | ||||
| CVE-2020-17541 | 2 Libjpeg-turbo, Redhat | 2 Libjpeg-turbo, Enterprise Linux | 2024-11-21 | 8.8 High |
| Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. | ||||
| CVE-2020-17521 | 4 Apache, Netapp, Oracle and 1 more | 24 Atlas, Groovy, Snapcenter and 21 more | 2024-11-21 | 5.5 Medium |
| Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2. | ||||
| CVE-2020-17510 | 3 Apache, Debian, Redhat | 3 Shiro, Debian Linux, Jboss Fuse | 2024-11-21 | 9.8 Critical |
| Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | ||||