|
681
|
7.5
5.0
|
HIGH
Network
|
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>
<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow …
|
NVD-CWE-noinfo
|
CVE-2020-1045
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 14:09
2020-09-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
682
|
7.5
5.0
|
HIGH
Network
|
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the ker…
|
-
|
CVE-2020-1749
|
cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 14:11
2020-09-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
683
|
5.5
2.1
|
MEDIUM
Local
|
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
|
CWE-416
Use After Free
|
CVE-2020-14373
|
cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 14:03
2020-09-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
684
|
5.0
4.4
|
MEDIUM
Local
|
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exce…
|
CWE-125 CWE-787
Out-of-bounds Read Out-of-bounds Write
|
CVE-2020-14364
|
cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2024-11-21 14:03
2020-09-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
685
|
7.8
7.2
|
HIGH
Local
|
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or e…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-14356
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 14:03
2020-08-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
686
|
7.5
5.0
|
HIGH
Network
|
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resou…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-9490
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 14:40
2020-08-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
687
|
6.0
3.6
|
MEDIUM
Local
|
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow lead…
|
-
|
CVE-2020-14311
|
cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 14:02
2020-08-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
688
|
6.0
3.6
|
MEDIUM
Local
|
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with bu…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-14310
|
cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 14:02
2020-08-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
689
|
6.4
4.4
|
MEDIUM
Local
|
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not include…
|
CWE-362 CWE-190
Race Condition Integer Overflow or Wraparound
|
CVE-2020-15707
|
cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 14:06
2020-07-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
690
|
6.4
4.4
|
MEDIUM
Local
|
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executin…
|
CWE-362 CWE-416
Race Condition Use After Free
|
CVE-2020-15706
|
cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 14:06
2020-07-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|