CVE-2020-14342

A flaw was found in cifs-utils' mount.cifs where it was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. This flaw allows an attacker who can invoke mount.cifs with special permission, such as via sudo rules, to escalate their privileges. The...

CVE-2020-14386

A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation If the CAPNETRAW capability disabled by...

CVE-2020-24659

A flaw was found in GnuTLS, where the server can trigger the client to run into heap buffer overflow if a norenegotiation alert is sent in an unexpected timing. This flaw allows the client to crash at the session deinitialization timing. The highest threat from this vulnerability is to system...

Amazon Linux AMI : kernel (ALAS-2020-1430)

The version of kernel installed on the remote host is prior to 4.14.193-113.317. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1430 advisory. 2024-05-23: CVE-2020-14356 was added to this advisory. A flaw null pointer dereference in the Linux kernel cgroupv2...

CVE-2020-14384

A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. Mitigatio...

CVE-2020-14382

A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...

CVE-2020-14345

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

UBUNTU-CVE-2020-14345

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2020-14373

A use-after-free flaw was found in igcrelocstructptr of psi/igc.c of Ghostscript-9.25. This flaw allows a local attacker to supply a specially crafted PDF file, causing a denial of service. The highest threat from this vulnerability is to system availability...

keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body

A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availabilit...

wildfly-elytron: session fixation when using FORM authentication

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

Important: postgresql-jdbc

Issue Overview: PostgreSQL JDBC Driver aka PgJDBC before 42.2.13 allows XXE. A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity XXE weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system...

ansible: dnf module install packages with no GPG signature

A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code...

CVE-2020-14381

A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as...

wildfly-elytron: session fixation when using FORM authentication

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

CVE-2020-14365

A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code...

CVE-2020-14380

Red Hat Satellite's external authentication component is vulnerable to a full account takeover flaw. This flaw allows an attacker with an authenticated account on Single sign-on SSO to gain elevated privileges of existing local users. This issue only affects users who have configured Satellite to...

Denial Of Service (DoS)

xorg-server is vulnerable to Denial Of Service DoS. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Updated kernel and kernel-linus packages fix security vulnerabilities

This update is based on the upstream 5.7.19 kernel and fixes at least the following security issue: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in trymergefreespace ...

MGASA-2020-0355 Updated kernel and kernel-linus packages fix security vulnerabilities

This update is based on the upstream 5.7.19 kernel and fixes at least the following security issue: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in trymergefreespace ...