5094 matches found
EulerOS Virtualization 2.9.0 : grub2 (EulerOS-SA-2021-1741)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged...
CVE-2021-20288
Ceph CVE-2021-20288 is an authentication flaw in Ceph before certain fixed releases. The root cause is that CEPHX_GET_AUTH_SESSION_KEY handling does not sanitize other_keys, allowing reuse of old keys when a global_id is requested, enabling a user to leverage a global_id previously associated wit...
CVE-2021-20288
An authentication flaw was found in ceph. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated with another user, as ceph...
CVE-2021-27905
A flaw was found in solr. The ReplicationHandler in Apache Solr does not check proper parameters when connecting to another Solr instance to replicate index data into the local core leading to a SSRF vulnerability. The highest threat from this vulnerability is to data confidentiality and integrit...
CVE-2021-3472
A flaw was found in xorg-x11-server. An interger underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Nettle vulnerability (USN-4906-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4906-1 advisory. It was discovered that Nettle incorrectly handled signature verification. A remote attacker could use this issue to cause Nettle to crash,...
CVE-2021-3472
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
kernel: out-of-bounds read in libiscsi module
A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability...
kernel: heap buffer overflow in the iSCSI subsystem
A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
kernel: out-of-bounds read in libiscsi module
A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability...
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2021-1754)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3483
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...
CVE-2020-36311
A flaw was found in the Linux kernel. This flaw allows attackers to cause a denial of service soft lockup by triggering the destruction of a large SEV VM, which requires unregistering many encrypted regions. The highest threat from this vulnerability is to system availability...
CVE-2020-36313
A flaw was found in the Linux kernel. The KVM subsystem allows out-of-range access to memslots after a deletion. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation Mitigation for this issue is either not available or the...
CVE-2020-36312
A flaw was found in the KVM hypervisor of the Linux kernel. A memory leak could occur in kvmiobusunregisterdev upon a kmalloc failure. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently available...
CVE-2020-36310
A flaw was found in the Linux kernel. A nested page fault is created when an address does not have a memslot associated to it. The highest threat from this vulnerability is to system availability. This flaw can be triggered using a malformed Virtual Machine. When triggered this bug will lead to t...
Oracle Linux 7 : nettle (ELSA-2021-1145)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1145 advisory. 2.7.1-9 - Port fixes for potential miscalculation in ecdsaverify 1943156 Tenable has extracted the preceding description block directly from the Oracle Linux...
CVE-2021-3413
A flaw was found in Red Hat Satellite in tfm-rubygem-foremanazurerm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity ...
CVE-2021-3413
A flaw was found in Red Hat Satellite in tfm-rubygem-foremanazurerm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity ...
Design/Logic Flaw
A flaw was found in Red Hat Satellite in tfm-rubygem-foremanazurerm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity ...