Filtered by vendor Redhat
Subscriptions
Filtered by product Rhel Els
Subscriptions
Total
583 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9895 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 9.8 Critical |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | ||||
| CVE-2020-9894 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 4.3 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | ||||
| CVE-2020-9893 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | ||||
| CVE-2020-9862 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 7.8 High |
| A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. | ||||
| CVE-2020-9850 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. | ||||
| CVE-2020-9843 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 7.1 High |
| An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. | ||||
| CVE-2020-9807 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2020-9806 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2020-9805 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 7.1 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2020-9803 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 8.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2020-8625 | 6 Debian, Fedoraproject, Isc and 3 more | 15 Debian Linux, Fedora, Bind and 12 more | 2024-11-21 | 8.1 High |
| BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch | ||||
| CVE-2020-36385 | 4 Linux, Netapp, Redhat and 1 more | 26 Linux Kernel, H300e, H300e Firmware and 23 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. | ||||
| CVE-2020-29661 | 7 Broadcom, Debian, Fedoraproject and 4 more | 25 Fabric Operating System, Debian Linux, Fedora and 22 more | 2024-11-21 | 7.8 High |
| A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | ||||
| CVE-2020-29623 | 4 Apple, Fedoraproject, Redhat and 1 more | 9 Ipados, Iphone Os, Mac Os X and 6 more | 2024-11-21 | 3.3 Low |
| "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. | ||||
| CVE-2020-27918 | 5 Apple, Debian, Fedoraproject and 2 more | 13 Icloud, Ipados, Iphone Os and 10 more | 2024-11-21 | 7.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2020-24513 | 4 Debian, Intel, Redhat and 1 more | 77 Debian Linux, Atom C3308, Atom C3336 and 74 more | 2024-11-21 | 6.5 Medium |
| Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-24512 | 4 Debian, Intel, Netapp and 1 more | 11 Debian Linux, Microcode, Fas\/aff Bios and 8 more | 2024-11-21 | 3.3 Low |
| Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-24511 | 4 Debian, Intel, Netapp and 1 more | 11 Debian Linux, Microcode, Fas\/aff Bios and 8 more | 2024-11-21 | 6.5 Medium |
| Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-24489 | 3 Debian, Intel, Redhat | 221 Debian Linux, Atom X5-e3930, Atom X5-e3940 and 218 more | 2024-11-21 | 8.8 High |
| Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-1971 | 9 Debian, Fedoraproject, Netapp and 6 more | 55 Debian Linux, Fedora, Active Iq Unified Manager and 52 more | 2024-11-21 | 5.9 Medium |
| The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). | ||||