Vulnerabilities > Redhat > Enterprise Linux > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-24 | CVE-2020-10763 | Information Exposure Through Log Files vulnerability in multiple products An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. | 2.1 |
| 2020-10-06 | CVE-2020-25743 | NULL Pointer Dereference vulnerability in multiple products hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. | 2.1 |
| 2020-07-13 | CVE-2019-19338 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. | 2.1 |
| 2020-04-10 | CVE-2020-11669 | An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. | 2.1 |
| 2020-04-08 | CVE-2020-2732 | Information Exposure vulnerability in Redhat Enterprise Linux 7.0/8.0 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. | 2.3 |
| 2020-01-31 | CVE-2015-6815 | Infinite Loop vulnerability in multiple products The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | 3.5 |
| 2019-12-03 | CVE-2019-13456 | Information Exposure Through Discrepancy vulnerability in multiple products In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. | 2.9 |
| 2019-11-27 | CVE-2012-6655 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | 2.1 |
| 2019-11-27 | CVE-2016-4980 | Use of Insufficiently Random Values vulnerability in multiple products A password generation weakness exists in xquest through 2016-06-13. | 2.5 |
| 2019-11-26 | CVE-2011-3632 | Link Following vulnerability in multiple products Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | 3.6 |