Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Eus
Subscriptions
Total
2999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15658 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
| The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | ||||
| CVE-2020-15656 | 4 Canonical, Mozilla, Opensuse and 1 more | 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more | 2024-11-21 | 8.8 High |
| JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | ||||
| CVE-2020-15654 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
| When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | ||||
| CVE-2020-15653 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
| An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | ||||
| CVE-2020-15652 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
| By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. | ||||
| CVE-2020-15648 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Enterprise Linux and 2 more | 2024-11-21 | 6.5 Medium |
| Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. | ||||
| CVE-2020-15646 | 2 Mozilla, Redhat | 4 Thunderbird, Enterprise Linux, Rhel E4s and 1 more | 2024-11-21 | 5.9 Medium |
| If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0. | ||||
| CVE-2020-15436 | 4 Broadcom, Linux, Netapp and 1 more | 37 Brocade Fabric Operating System Firmware, Linux Kernel, A250 and 34 more | 2024-11-21 | 6.7 Medium |
| Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | ||||
| CVE-2020-15180 | 5 Debian, Galeracluster, Mariadb and 2 more | 9 Debian Linux, Galera Cluster For Mysql, Mariadb and 6 more | 2024-11-21 | 9.0 Critical |
| A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. | ||||
| CVE-2020-15095 | 4 Fedoraproject, Npmjs, Opensuse and 1 more | 6 Fedora, Npm, Leap and 3 more | 2024-11-21 | 4.4 Medium |
| Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files. | ||||
| CVE-2020-14812 | 6 Debian, Fedoraproject, Mariadb and 3 more | 12 Debian Linux, Fedora, Mariadb and 9 more | 2024-11-21 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-14799 | 3 Netapp, Oracle, Redhat | 9 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 6 more | 2024-11-21 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-14789 | 5 Fedoraproject, Mariadb, Netapp and 2 more | 11 Fedora, Mariadb, Active Iq Unified Manager and 8 more | 2024-11-21 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-14776 | 5 Fedoraproject, Mariadb, Netapp and 2 more | 9 Fedora, Mariadb, Oncommand Insight and 6 more | 2024-11-21 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-14765 | 6 Debian, Fedoraproject, Mariadb and 3 more | 12 Debian Linux, Fedora, Mariadb and 9 more | 2024-11-21 | 6.5 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-14725 | 3 Netapp, Oracle, Redhat | 6 Active Iq Unified Manager, Mysql, Enterprise Linux and 3 more | 2024-11-21 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-14702 | 4 Canonical, Netapp, Oracle and 1 more | 10 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 7 more | 2024-11-21 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-14697 | 4 Canonical, Netapp, Oracle and 1 more | 10 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 7 more | 2024-11-21 | 7.2 High |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2020-14680 | 4 Canonical, Netapp, Oracle and 1 more | 10 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 7 more | 2024-11-21 | 6.5 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-14678 | 4 Canonical, Netapp, Oracle and 1 more | 10 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 7 more | 2024-11-21 | 7.2 High |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | ||||