
5094 matches found

Cvelist
added 2021/04/19 9:11 p.m., 20 views

CVE-2021-3506

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The...

7.1 AI score, 0.00366 EPSS
Exploits: 0, References: 6

RedhatCVE
added 2021/04/19 7:26 p.m., 28 views

CVE-2021-3506

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this...

8.1 CVSS, 1 AI score, 0.00366 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2021/04/19 12:0 a.m., 38 views

Fedora 32 : rpm (2021-662680e477)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-662680e477 advisory. - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...

7 CVSS, 6.6 AI score, 0.01706 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2021/04/19 12:0 a.m., 36 views

Fedora 32 : dnsmasq (2021-2e4c3d5a9d)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-2e4c3d5a9d advisory. - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with...

8.3 CVSS, 7.9 AI score, 0.86692 EPSS
Exploits: 2, References: 8

RedhatCVE
added 2021/04/16 7:11 p.m., 83 views

CVE-2021-3493

A flaw was found in the Linux kernel. The overlayfs stacking file system does not properly validate the application of file capabilities against user namespaces. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8 CVSS, 2.5 AI score, 0.43988 EPSS
Exploits: 27, References: 4

RedhatCVE
added 2021/04/16 7:11 p.m., 30 views

CVE-2021-3492

A use-after-free or use-before-allocation flaw was found in the Linux kernel Shiftfs file system in the way a user calls one of the few ioctls. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

8.8 CVSS, 1.7 AI score, 0.01547 EPSS
Exploits: 1, References: 3

CNVD
added 2021/04/16 12:0 a.m., 9 views

SAP NetWeaver AS ABAP Denial of Service Vulnerability (CNVD-2021-29099)

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A denial of service vulnerability exists in SAP NetWeaver AS ABAP versions 731, 740, and 750. The vulnerability...

6.5 CVSS, 6.7 AI score, 0.00862 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2021/04/15 9:2 p.m., 33 views

CVE-2021-28682

A flaw was found in envoyproxy/envoy. An attacker, able to craft a packet which specifies a large grpc-timeout, can potentially cause envoy to incorrectly calculate the timeouts resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.5 CVSS, 2.8 AI score, 0.0204 EPSS
Exploits: 1, References: 4

OSV
added 2021/04/15 3:15 p.m., 24 views

CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated...

7.2 CVSS, 6.6 AI score
Exploits: 0, References: 6

NVD
added 2021/04/15 3:15 p.m., 20 views

CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated...

7.2 CVSS, 0.0211 EPSS
Exploits: 0, References: 6

OSV
added 2021/04/15 3:15 p.m., 3 views

DEBIAN-CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated...

7.2 CVSS, 6.5 AI score, 0.0211 EPSS
Exploits: 0, References: 1

Prion
added 2021/04/15 3:15 p.m., 16 views

Authentication flaw

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated...

6.5 CVSS, 6.8 AI score, 0.0211 EPSS
Exploits: 0, References: 6, Affected Software: 4

UbuntuCve
added 2021/04/15 12:0 a.m., 42 views

CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated...

7.2 CVSS, 6.8 AI score, 0.0211 EPSS
Exploits: 0, References: 5

Cvelist
added 2021/04/15 12:0 a.m., 34 views

CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated...

7.2 AI score, 0.0211 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2021/04/15 12:0 a.m., 43 views

EulerOS Virtualization 2.9.0 : libtiff (EulerOS-SA-2021-1754)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially...

7.8 CVSS, 7.6 AI score, 0.01922 EPSS
Exploits: 0, References: 5

AlpineLinux
added 2021/04/15 12:0 a.m., 44 views

CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated...

7.2 CVSS, 7.1 AI score, 0.0211 EPSS
Exploits: 0

CVE
added 2021/04/15 12:0 a.m., 229 views

CVE-2021-20288

Ceph CVE-2021-20288 is an authentication flaw in Ceph before certain fixed releases. The root cause is that CEPHX_GET_AUTH_SESSION_KEY handling does not sanitize other_keys, allowing reuse of old keys when a global_id is requested, enabling a user to leverage a global_id previously associated wit...

7.2 CVSS, 6.8 AI score, 0.0211 EPSS
Exploits: 0, References: 6, Affected Software: 1

Debian CVE
added 2021/04/15 12:0 a.m., 28 views

CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated...

7.2 CVSS, 6.4 AI score, 0.0211 EPSS
Exploits: 0

Tenable Nessus
added 2021/04/15 12:0 a.m., 61 views

EulerOS Virtualization 2.9.1 : libtiff (EulerOS-SA-2021-1716)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially...

7.8 CVSS, 7.6 AI score, 0.01922 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2021/04/15 12:0 a.m., 28 views

EulerOS Virtualization 2.9.0 : grub2 (EulerOS-SA-2021-1741)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing a privileged...

8.2 CVSS, 7.7 AI score, 0.01738 EPSS
Exploits: 0, References: 9