Enterprise Linux EUS

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-23	CVE-2021-3672	Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. network high complexity c-ares-project fedoraproject redhat siemens nodejs pgbouncer CWE-79	5.6
2021-07-09	CVE-2021-3570	Out-of-bounds Write vulnerability in multiple products A flaw was found in the ptp4l program of the linuxptp package. network low complexity linuxptp-project redhat fedoraproject debian CWE-787	8.8
2021-05-27	CVE-2020-14301	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An information disclosure vulnerability was found in libvirt in versions before 6.3.0. network low complexity redhat netapp CWE-212	4.0
2020-10-07	CVE-2020-14355	Classic Buffer Overflow vulnerability in multiple products Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. network low complexity spice-project redhat canonical debian opensuse CWE-120	6.6
2020-09-11	CVE-2020-1045	<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p> network low complexity microsoft fedoraproject redhat	7.5
2020-08-07	CVE-2020-9490	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. network low complexity apache oracle opensuse debian fedoraproject canonical redhat CWE-444	7.5
2020-07-31	CVE-2020-14311	Heap-based Buffer Overflow vulnerability in multiple products There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. local low complexity gnu redhat opensuse canonical CWE-122	6.0
2020-07-31	CVE-2020-14310	Integer Overflow or Wraparound vulnerability in multiple products There is an issue on grub2 before version 2.06 at function read_section_as_string(). local low complexity gnu redhat opensuse canonical CWE-190	6.0
2020-02-07	CVE-2019-15606	Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons network low complexity nodejs oracle debian redhat opensuse critical	9.8
2020-02-07	CVE-2019-15605	HTTP Request Smuggling vulnerability in multiple products HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed network low complexity nodejs debian fedoraproject opensuse redhat oracle CWE-444 critical	9.8