
5093 matches found

Tenable Nessus
added 2021/03/23 12:0 a.m. | 32 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : LibTIFF vulnerabilities (USN-4755-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4755-1 advisory. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into...

CVSS 7.8 | AI score 7.6 | EPSS 0.01922
Exploits: 0 | References: 3
AlpineLinux
added 2021/03/23 12:0 a.m. | 42 views

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

CVSS 5.5 | AI score 6.1 | EPSS 0.00528
Exploits: 0
RedhatCVE
added 2021/03/22 6:58 p.m. | 42 views

CVE-2021-28952

A flaw was found in the Linux kernel. The soundwire device driver has a buffer overflow when an unexpected port ID number is encountered. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 3.7 | EPSS 0.00378
Exploits: 0 | References: 3
RedhatCVE
added 2021/03/22 10:58 a.m. | 46 views

CVE-2021-28957

A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is, which can lead to a Cross-Site Scripting (XSS) attack when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...

CVSS 6.1 | AI score 1.2 | EPSS 0.04002
Exploits: 1 | References: 3
Amazon
added 2021/03/20 12:0 a.m. | 40 views

Important: bind

Issue Overview: A buffer overflow flaw was found in the SPNEGO implementation used by BIND. This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as...

CVSS 8.1 | AI score 8 | EPSS 0.64161
Exploits: 0
Amazon
added 2021/03/20 12:0 a.m. | 31 views

Important: xterm

Issue Overview: A flaw was found in xterm. A specially crafted sequence of combining characters causes an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2021-27135 Affected...

CVSS 9.8 | AI score 9.9 | EPSS 0.07541
Exploits: 1
Amazon
added 2021/03/20 12:0 a.m. | 38 views

Medium: glibc

Issue Overview: A flaw was found in glibc's iconv functionality. This flaw allows an attacker capable of supplying a crafted sequence of characters to an application using iconv to convert from ISO-2022-JP-3 to cause an assertion failure. The highest threat from this vulnerability is to system...

CVSS 7.5 | AI score 6.8 | EPSS 0.03093
Exploits: 0
NVD
added 2021/03/19 9:15 p.m. | 12 views

CVE-2019-10200

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS I...

CVSS 9 | EPSS 0.01289
Exploits: 0 | References: 2
OSV
added 2021/03/19 9:15 p.m. | 18 views

CVE-2019-10200

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS I...

CVSS 7.2 | AI score 6.8
Exploits: 0 | References: 2
Prion
added 2021/03/19 9:15 p.m. | 16 views

Default credentials

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS I...

CVSS 9 | AI score 6.9 | EPSS 0.01289
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/03/19 8:28 p.m. | 85 views

CVE-2019-10200

CVE-2019-10200 affects OpenShift Container Platform 4. By default, users who can create pods may schedule workloads on master nodes. If such pods use hostNetwork on a master node, they can retrieve credentials for the master AWS IAM role, potentially granting management access to AWS resources an...

CVSS 9 | AI score 6.9 | EPSS 0.01289
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2021/03/19 7:0 p.m. | 48 views

CVE-2021-27358

A flaw was found in Grafana. The snapshot feature allows unauthenticated remote attackers to trigger a denial of service (DoS) via a remote API call if anonymous access is enabled. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 5.7 | EPSS 0.83042
Exploits: 0 | References: 4
RedhatCVE
added 2021/03/19 5:52 a.m. | 30 views

CVE-2018-3774

A flaw was found in nodejs-url-parse. The wrong hostname can be returned, due to incorrect parsing, which can lead to a variety of vulnerabilities. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 10 | AI score 3.6 | EPSS 0.03805
Exploits: 0 | References: 2
RedhatCVE
added 2021/03/19 5:36 a.m. | 24 views

CVE-2018-13797

A flaw was found in nodejs-macaddress. The module allows unsanitized input to an exec call which can lead to an arbitrary command injection flaw. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 4.4 | EPSS 0.06664
Exploits: 1 | References: 2
NVD
added 2021/03/18 7:15 p.m. | 18 views

CVE-2020-35492

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor, for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untruste...

CVSS 7.8 | EPSS 0.01112
Exploits: 0 | References: 2
OSV
added 2021/03/18 7:15 p.m. | 35 views

CVE-2020-35492

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor, for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untruste...

CVSS 7.8 | AI score 5
Exploits: 0 | References: 2
CVE
added 2021/03/18 6:59 p.m. | 444 views

CVE-2020-35492

CVE-2020-35492 affects cairo’s image-compositor.c in all versions before 1.17.4. A crafted input file can cause a stack buffer overflow (out-of-bounds write), with impact on confidentiality, integrity, and availability. Root cause: unchecked memory/write in image-compositor when processing untrus...

CVSS 7.8 | AI score 7.5 | EPSS 0.01112
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/03/18 6:59 p.m. | 20 views

CVE-2020-35492

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor, for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untruste...

AI score 7.6 | EPSS 0.01112
Exploits: 0 | References: 2
Debian CVE
added 2021/03/18 6:59 p.m. | 26 views

CVE-2020-35492

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor, for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untruste...

CVSS 7.8 | AI score 6.7 | EPSS 0.01112
Exploits: 0
AlpineLinux
added 2021/03/18 6:59 p.m. | 35 views

CVE-2020-35492

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor, for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untruste...

CVSS 7.8 | AI score 7.7 | EPSS 0.01112
Exploits: 0