Redhat

Enterprise Linux Eus

779 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 1.23%
  • Published 09.07.2021 11:15:08
  • Last modified 21.11.2024 06:21:52

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat f...

  • EPSS 0.38%
  • Published 27.05.2021 20:15:07
  • Last modified 21.11.2024 05:02:57

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive inform...

  • EPSS 1.63%
  • Published 07.10.2020 15:15:12
  • Last modified 21.11.2024 05:03:04

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious ...

  • EPSS 20.52%
  • Published 11.09.2020 17:15:18
  • Last modified 21.11.2024 05:09:37

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with th...

  • EPSS 75.82%
  • Published 07.08.2020 16:15:12
  • Last modified 21.11.2024 05:40:45

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via ...

  • EPSS 0.05%
  • Published 31.07.2020 22:15:11
  • Last modified 21.11.2024 05:02:58

There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes in length, but it doesn't verify this before proceeding with buffer allocation to read the value from the font val...

  • EPSS 0.03%
  • Published 31.07.2020 22:15:11
  • Last modified 21.11.2024 05:02:58

There is an issue with grub2 before version 2.06 while handling symlinks on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subseque...

Exploit
  • EPSS 4.72%
  • Published 07.02.2020 15:15:11
  • Last modified 21.11.2024 04:29:06

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

  • EPSS 32.25%
  • Published 07.02.2020 15:15:11
  • Last modified 21.11.2024 04:29:06

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Exploit
  • EPSS 2.29%
  • Published 07.02.2020 15:15:11
  • Last modified 21.11.2024 04:29:07

Including trailing white space in HTTP header values in Node.js 10, 12, and 13 causes bypass of authorization based on header value comparisons