PYSEC-2021-50
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...
CVE-2021-25281
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...
CVE-2021-25281
Removed by vendor...
CVE-2020-26200
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES)...
Design/Logic Flaw
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES)...
SUSE-SU-2021:0597-1 Security update for rpmlint
This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit (bsc#1169614)...
ansible: multiple modules expose secured values
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by the no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...
CVE-2020-11147
Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...
Design/Logic Flaw
Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...
CVE-2020-11147
CVE-2020-11147 affects Snapdragon Compute, Snapdragon Industrial IOT, and Snapdragon Mobile: a use-after-free in audio modules caused by incorrect macro usage during list iteration when removing/freeing objects. Root cause is the macro misuse leading to freeing objects while iterating. Documented...
Cross site scripting
Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...
Heap overflow
Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...
Input validation
Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2020-12376
CVE-2020-12376 affects Intel® Server Boards, Server Systems and Compute Modules BMC firmware. The issue is use of a hard-coded key in firmware before version 2.47, potentially enabling information disclosure via local access by an authenticated user. Intel’s advisory Intel‑SA‑00434 confirms the v...
PT-2021-2011
Name of the Vulnerable Software and Affected Versions: Kaspersky Endpoint Security (affected versions not specified), Kaspersky Rescue Disk (affected versions not specified). Description: A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of...
PYSEC-2021-68
An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS)...
The vulnerability in the firmware of Intel server boards, server systems, and compute modules arises from operations performed outside buffer boundaries in memory. It allows attackers to escalate their privileges.
The vulnerability in the firmware of Intel server boards, server systems, and compute modules is related to the execution of operations outside buffer boundaries in memory. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability in the firmware of Intel server boards, server systems, and compute modules arises from a buffer overflow in dynamic memory, allowing attackers to escalate their privileges.
The vulnerability in the firmware of Intel server boards, server systems, and compute modules is related to a buffer overflow in dynamic memory. Exploiting this vulnerability can allow attackers to escalate their privileges...