Export limit exceeded: 16351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (16351 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8624 | 7 Canonical, Debian, Fedoraproject and 4 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 4.3 Medium |
| In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | ||||
| CVE-2020-8623 | 8 Canonical, Debian, Fedoraproject and 5 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-11-21 | 7.5 High |
| In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker | ||||
| CVE-2020-8622 | 9 Canonical, Debian, Fedoraproject and 6 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 6.5 Medium |
| In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. | ||||
| CVE-2020-8619 | 7 Canonical, Debian, Fedoraproject and 4 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 4.9 Medium |
| In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. | ||||
| CVE-2020-8617 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 7.5 High |
| Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. | ||||
| CVE-2020-8616 | 3 Debian, Isc, Redhat | 7 Debian Linux, Bind, Enterprise Linux and 4 more | 2024-11-21 | 8.6 High |
| A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. | ||||
| CVE-2020-8608 | 4 Debian, Libslirp Project, Opensuse and 1 more | 11 Debian Linux, Libslirp, Leap and 8 more | 2024-11-21 | 5.6 Medium |
| In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | ||||
| CVE-2020-8595 | 2 Istio, Redhat | 4 Istio, Enterprise Linux, Openshift Service Mesh and 1 more | 2024-11-21 | 7.3 High |
| Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. | ||||
| CVE-2020-8492 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 6.5 Medium |
| Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | ||||
| CVE-2020-8450 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.3 High |
| An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. | ||||
| CVE-2020-8449 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. | ||||
| CVE-2020-8286 | 9 Apple, Debian, Fedoraproject and 6 more | 22 Mac Os X, Macos, Debian Linux and 19 more | 2024-11-21 | 7.5 High |
| curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | ||||
| CVE-2020-8231 | 6 Debian, Haxx, Oracle and 3 more | 6 Debian Linux, Libcurl, Communications Cloud Native Core Policy and 3 more | 2024-11-21 | 7.5 High |
| Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | ||||
| CVE-2020-8174 | 4 Netapp, Nodejs, Oracle and 1 more | 13 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 10 more | 2024-11-21 | 8.1 High |
| napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. | ||||
| CVE-2020-8172 | 3 Nodejs, Oracle, Redhat | 8 Node.js, Banking Extensibility Workbench, Blockchain Platform and 5 more | 2024-11-21 | 7.4 High |
| TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. | ||||
| CVE-2020-8116 | 2 Dot-prop Project, Redhat | 4 Dot-prop, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 7.3 High |
| Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | ||||
| CVE-2020-8112 | 3 Debian, Redhat, Uclouvain | 4 Debian Linux, Enterprise Linux, Rhel E4s and 1 more | 2024-11-21 | 8.8 High |
| opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. | ||||
| CVE-2020-8037 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-11-21 | 7.5 High |
| The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | ||||
| CVE-2020-7788 | 3 Debian, Ini Project, Redhat | 5 Debian Linux, Ini, Enterprise Linux and 2 more | 2024-11-21 | 7.3 High |
| This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-7774 | 4 Oracle, Redhat, Siemens and 1 more | 7 Graalvm, Enterprise Linux, Openshift and 4 more | 2024-11-21 | 7.3 High |
| The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. | ||||