Lucene search
K

5093 matches found

RedhatCVE
RedhatCVE
added 2021/03/29 6:48 p.m.29 views

CVE-2020-9947

A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.0. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS5.1AI score0.0163EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/03/29 6:14 p.m.32 views

CVE-2021-20296

A flaw was found in OpenEXR. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability...

5.3CVSS2AI score0.01747EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/03/29 6:2 p.m.57 views

CVE-2021-23358

A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

7.2CVSS3.9AI score0.04087EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2021/03/29 11:12 a.m.2 views

cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution

A flaw was found in cron-utils. End applications passing unsanitized user input which is subsequently parsed by the @Cron annotation can allow an attacker to execute arbitrary expressions using JavaEL which will be implicitly executed by the constraint validator. The highest threat from this...

8.1CVSS7.5AI score0.04204EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/03/28 10:15 p.m.17 views

CVE-2017-16099

A flaw was found in nodejs-no-case, where the no-case module is vulnerable to a regular expression denial of service. This issue occurs when malicious untrusted user input is passed into no-case and blocks the event loop, resulting in a denial of service. The highest threat from this vulnerabilit...

7.5CVSS3.5AI score0.01584EPSS
Exploits0References2
OSV
OSV
added 2021/03/27 2:27 p.m.7 views

MGASA-2021-0156 Updated imagemagick packages fix security vulnerabilities

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability CVE-2021-20241. A flaw was found in...

7.1CVSS5.6AI score0.01228EPSS
Exploits0References4
Mageia
Mageia
added 2021/03/27 2:27 p.m.48 views

Updated imagemagick packages fix security vulnerabilities

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability CVE-2021-20241. A flaw was found in...

7.1CVSS0.9AI score0.01228EPSS
Exploits0References3
OSV
OSV
added 2021/03/26 10:15 p.m.33 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.2CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2021/03/26 10:15 p.m.22 views

Design/Logic Flaw

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

6.5CVSS6.8AI score0.01525EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2021/03/26 10:15 p.m.37 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.2CVSS6.6AI score0.01525EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/03/26 9:34 p.m.28 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.4AI score0.01525EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2021/03/26 9:34 p.m.708 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.2CVSS7.1AI score0.01525EPSS
Exploits0
CVE
CVE
added 2021/03/26 9:34 p.m.472 views

CVE-2021-20206

CVE-2021-20206 involves containernetworking/cni before 0.8.1 where the network configuration field type can include path traversal ("../"), allowing an authenticated attacker to reference and execute binaries outside the plugin directory (e.g., reboot). Impact affects confidentiality, integrity, ...

7.2CVSS6.8AI score0.01525EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2021/03/26 9:34 p.m.27 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.2CVSS6.5AI score0.01525EPSS
Exploits0
NVD
NVD
added 2021/03/26 5:15 p.m.15 views

CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in bfdelfslurpsecondaryrelocsection in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability...

5.5CVSS0.01287EPSS
Exploits1References4
NVD
NVD
added 2021/03/26 5:15 p.m.12 views

CVE-2021-20285

A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service SEGV or buffer overflow and application crash or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability...

8.3CVSS0.00751EPSS
Exploits1References2
NVD
NVD
added 2021/03/26 5:15 p.m.17 views

CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

7CVSS0.00827EPSS
Exploits0References7
OSV
OSV
added 2021/03/26 5:15 p.m.1 views

DEBIAN-CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in bfdelfslurpsecondaryrelocsection in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability...

5.5CVSS9.1AI score0.01287EPSS
Exploits1References1
OSV
OSV
added 2021/03/26 5:15 p.m.2 views

DEBIAN-CVE-2021-20285

A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service SEGV or buffer overflow and application crash or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability...

6.6CVSS7.1AI score0.00751EPSS
Exploits1References1
OSV
OSV
added 2021/03/26 5:15 p.m.26 views

CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

7CVSS6.7AI score
Exploits0References7
Rows per page
Query Builder