5094 matches found
Out-of-bounds
A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability...
CVE-2021-20266
A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability...
CVE-2021-20266
A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability...
CVE-2021-20266
A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability...
CVE-2021-20266
A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability...
CVE-2021-31916
An out-of-bounds OOB memory write flaw was found in listdevices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user CAPSYSADMIN privilege to gain access to out-of-bounds memory leading to a system...
EulerOS 2.0 SP3 : cairo (EulerOS-SA-2021-1769)
According to the version of the cairo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to...
EulerOS 2.0 SP3 : postgresql (EulerOS-SA-2021-1833)
According to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker havi...
EulerOS 2.0 SP3 : xorg-x11-server (EulerOS-SA-2021-1863)
According to the version of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local...
CVE-2021-25216
A flaw was found in bind. The SPNEGO implementation used by BIND, which is a negotiation mechanism used by GSSAPI to support the secure exchange of keys used to verify the authenticity of communications between parties on a network, is subject to a buffer overflow attack. The highest threat from...
CVE-2021-25215
A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability. Mitigation Red Hat has investigated whether a possible...
Oracle Linux 7 : nss (ELSA-2021-1384)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1384 advisory. 3.53.1-7 - Fix HSM load failure because of CKOProfile - Allow builds with strict-proto 3.53.1-6 - Update to CVE 2020-256423 TLS flood DOS attack patch. 3.53.1-5...
CVE-2019-25031
A flaw was found in unbound. The createunboundadservers.sh bash script does not properly sanitize input data, which is retrieved using an unencrypted, unauthenticated HTTP request, before writing the configuration file allowing a man-in-the-middle attack. The highest threat from this vulnerabilit...
CVE-2021-3522
A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible. The highest threat from this vulnerability is to system availability...
CVE-2021-3501
A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability...
CVE-2020-36325
A flaw was found in jansson. An out-of-bounds read-access bug is possible due to a parsing error in jsonloads. The highest threat from this vulnerability is do system availability...
bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data...
kernel: heap buffer overflow in the iSCSI subsystem
A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
kernel: heap buffer overflow in the iSCSI subsystem
A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
kernel: Use after free via PI futex state
A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as syste...