Enterprise Linux Server TUS

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-03	CVE-2020-25632	Use After Free vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06. local low complexity gnu redhat fedoraproject netapp CWE-416	8.2
2021-03-03	CVE-2020-14372	Incomplete Blacklist vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. local high complexity gnu redhat fedoraproject netapp CWE-184	7.5
2020-08-07	CVE-2020-9490	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. network low complexity apache oracle opensuse debian fedoraproject canonical redhat CWE-444	7.5
2020-07-31	CVE-2020-14311	Heap-based Buffer Overflow vulnerability in multiple products There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. local low complexity gnu redhat opensuse canonical CWE-122	6.0
2020-07-31	CVE-2020-14310	Integer Overflow or Wraparound vulnerability in multiple products There is an issue on grub2 before version 2.06 at function read_section_as_string(). local low complexity gnu redhat opensuse canonical CWE-190	6.0
2020-05-22	CVE-2020-10711	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. network high complexity linux redhat debian opensuse canonical CWE-476	5.9
2020-02-11	CVE-2013-4535	Improper Input Validation vulnerability in multiple products The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. local low complexity qemu redhat CWE-20	8.8
2020-02-07	CVE-2019-15605	HTTP Request Smuggling vulnerability in multiple products HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed network low complexity nodejs debian fedoraproject opensuse redhat oracle CWE-444 critical	9.8
2020-02-07	CVE-2019-15604	Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate network low complexity nodejs debian opensuse redhat oracle CWE-295	7.5
2020-01-31	CVE-2014-8141	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. local low complexity unzip-project redhat CWE-787	7.8