Export limit exceeded: 23139 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23139 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12059 | 3 Canonical, Linuxfoundation, Redhat | 3 Ubuntu Linux, Ceph, Ceph Storage | 2024-11-21 | 7.5 High |
| An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. | ||||
| CVE-2020-12052 | 2 Grafana, Redhat | 4 Grafana, Enterprise Linux, Openshift and 1 more | 2024-11-21 | 6.1 Medium |
| Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | ||||
| CVE-2020-12049 | 3 Canonical, Freedesktop, Redhat | 5 Ubuntu Linux, Dbus, Enterprise Linux and 2 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. | ||||
| CVE-2020-11996 | 7 Apache, Canonical, Debian and 4 more | 11 Tomcat, Ubuntu Linux, Debian Linux and 8 more | 2024-11-21 | 7.5 High |
| A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. | ||||
| CVE-2020-11994 | 3 Apache, Oracle, Redhat | 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more | 2024-11-21 | 7.5 High |
| Server-Side Template Injection and arbitrary file disclosure on Camel templating components | ||||
| CVE-2020-11989 | 2 Apache, Redhat | 2 Shiro, Jboss Fuse | 2024-11-21 | 9.8 Critical |
| Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | ||||
| CVE-2020-11988 | 3 Apache, Fedoraproject, Redhat | 5 Xmlgraphics Commons, Fedora, Jboss Enterprise Bpms Platform and 2 more | 2024-11-21 | 8.2 High |
| Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later. | ||||
| CVE-2020-11985 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 5.3 Medium |
| IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. | ||||
| CVE-2020-11984 | 8 Apache, Canonical, Debian and 5 more | 16 Http Server, Ubuntu Linux, Debian Linux and 13 more | 2024-11-21 | 9.8 Critical |
| Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | ||||
| CVE-2020-11980 | 2 Apache, Redhat | 2 Karaf, Jboss Fuse | 2024-11-21 | 6.3 Medium |
| In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role can call get*. It's possible to authenticate as a viewer role + invokes on the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails as "viewer" doesn't have the permission to invoke on the MBean. Still, it could act as a SSRF style attack and also it essentially allows a "viewer" role to pollute the MBean registry, which is a kind of privilege escalation. The vulnerability is low as it's possible to add a ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer. | ||||
| CVE-2020-11979 | 5 Apache, Fedoraproject, Gradle and 2 more | 38 Ant, Fedora, Gradle and 35 more | 2024-11-21 | 7.5 High |
| As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. | ||||
| CVE-2020-11973 | 3 Apache, Oracle, Redhat | 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more | 2024-11-21 | 9.8 Critical |
| Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | ||||
| CVE-2020-11972 | 3 Apache, Oracle, Redhat | 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more | 2024-11-21 | 9.8 Critical |
| Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | ||||
| CVE-2020-11971 | 3 Apache, Oracle, Redhat | 6 Camel, Communications Diameter Intelligence Hub, Communications Diameter Signaling Router and 3 more | 2024-11-21 | 7.5 High |
| Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. | ||||
| CVE-2020-11947 | 2 Qemu, Redhat | 3 Qemu, Advanced Virtualization, Enterprise Linux | 2024-11-21 | 3.8 Low |
| iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. | ||||
| CVE-2020-11945 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). | ||||
| CVE-2020-11884 | 6 Canonical, Debian, Fedoraproject and 3 more | 38 Ubuntu Linux, Debian Linux, Fedora and 35 more | 2024-11-21 | 7.0 High |
| In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. | ||||
| CVE-2020-11793 | 6 Canonical, Fedoraproject, Opensuse and 3 more | 6 Ubuntu Linux, Fedora, Leap and 3 more | 2024-11-21 | 8.8 High |
| A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). | ||||
| CVE-2020-11764 | 7 Apple, Canonical, Debian and 4 more | 13 Icloud, Ipados, Iphone Os and 10 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. | ||||
| CVE-2020-11763 | 7 Apple, Canonical, Debian and 4 more | 13 Icloud, Ipados, Iphone Os and 10 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. | ||||