Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-08 CVE-2020-25692 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference was found in the OpenLDAP server during a request for renaming RDNs; it was fixed in openldap 2.4.55.
network
low complexity
openldap redhat netapp CWE-476
7.5
2020-12-06 CVE-2020-29573 Out-of-bounds Write vulnerability in multiple products
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf.
network
low complexity
gnu redhat netapp CWE-787
7.5
2020-12-03 CVE-2020-27778 Access of Uninitialized Pointer vulnerability in multiple products
A flaw was found in Poppler in the way certain PDF files were converted into HTML.
network
low complexity
freedesktop redhat debian CWE-824
7.5
2020-12-03 CVE-2020-14339 Missing Release of Resource after Effective Lifetime vulnerability in Redhat Enterprise Linux and Libvirt
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process.
local
low complexity
redhat CWE-772
8.8
2020-11-27 CVE-2020-25708 Divide By Zero vulnerability in multiple products
A divide by zero issue was found to occur in libvncserver-0.9.12.
network
low complexity
libvncserver-project redhat debian CWE-369
7.5
2020-11-23 CVE-2020-25660 Authentication Bypass by Capture-replay vulnerability in multiple products
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus.
low complexity
redhat fedoraproject CWE-294
8.8
2020-11-17 CVE-2020-14389 Use of Password Hash With Insufficient Computational Effort vulnerability in Redhat Keycloak
It was found that Keycloak before version 12.0.0 would permit a user with only the view-profile role to manage the resources in the new account console, allowing access to and modification of data the user was not intended to have.
network
low complexity
redhat CWE-916
8.1
2020-11-09 CVE-2020-14366 Path Traversal vulnerability in Redhat Keycloak
A vulnerability was found in Keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path.
network
low complexity
redhat CWE-22
7.5
2020-11-05 CVE-2020-25661 Type Confusion vulnerability in Redhat Enterprise Linux 8.3
A Red Hat-only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID.
low complexity
redhat CWE-843
8.8
2020-10-27 CVE-2020-3864 Origin Validation Error vulnerability in multiple products
A logic issue was addressed with improved validation.
local
low complexity
apple redhat CWE-346
7.2