|
211451
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is abou…
|
CWE-416
Use After Free
|
CVE-2020-14381
|
2024-11-21 14:03 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211452
|
7.8 |
HIGH
Local
|
linux
redhat
debian
|
linux_kernel
enterprise_linux
debian_linux
|
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly esca…
|
-
|
CVE-2020-14351
|
2024-11-21 14:03 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211453
|
8.8 |
HIGH
Local
|
redhat
|
enterprise_linux
libvirt
|
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapp…
|
-
|
CVE-2020-14339
|
2024-11-21 14:03 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211454
|
6.3 |
MEDIUM
Network
|
redhat
|
cloudforms
|
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently au…
|
CWE-352
Origin Validation Error
|
CVE-2020-14369
|
2024-11-21 14:03 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211455
|
6.5 |
MEDIUM
Network
|
samba
redhat
|
samba
enterprise_linux
|
A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted afte…
|
NVD-CWE-Other
|
CVE-2020-14383
|
2024-11-21 14:03 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211456
|
8.1 |
HIGH
Network
|
redhat
|
keycloak
|
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user …
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2020-14389
|
2024-11-21 14:03 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211457
|
7.5 |
HIGH
Network
|
redhat
|
keycloak
|
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the f…
|
CWE-22
Path Traversal
|
CVE-2020-14366
|
2024-11-21 14:03 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211458
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
|
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog.
|
NVD-CWE-noinfo
|
CVE-2020-14425
|
2024-11-21 14:03 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211459
|
5.5 |
MEDIUM
Local
|
samba
opensuse
fedoraproject
debian
|
samba
leap
fedora
debian_linux
|
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-14323
|
2024-11-21 14:03 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211460
|
3.1 |
LOW
Network
|
oracle
|
retail_customer_management_and_segmentation_foundation
|
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. …
|
NVD-CWE-noinfo
|
CVE-2020-14731
|
2024-11-21 14:03 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
