Lucene search
K

5093 matches found

RedHat Linux
RedHat Linux
added 2021/03/16 1:41 p.m.2 views

bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible

A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data...

8.1CVSS6.8AI score0.0714EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/03/16 1:37 p.m.4 views

bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible

A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data...

8.1CVSS6.8AI score0.0714EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/03/16 1:19 p.m.5 views

bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible

A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data...

8.1CVSS6.8AI score0.0714EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/03/16 1:19 p.m.2 views

jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

7.1CVSS5.8AI score0.01089EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 9:28 a.m.4 views

kernel: performance counters race condition use-after-free

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integri...

7.8CVSS6.8AI score0.00302EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/03/15 6:58 p.m.40 views

CVE-2021-28210

A flaw was found in edk2. An unlimited recursion in DxeCore may allow an attacker to corrupt the system memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS6.3AI score0.00399EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/03/15 5:2 p.m.38 views

CVE-2021-28211

A flaw was found in edk2. A possible heap corruption in LzmaUefiDecompressGetInfo function may allow an attacker to execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

6.7CVSS3.9AI score0.00386EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2021/03/15 2:36 p.m.5 views

openvswitch: limitation in the OVS packet parsing in userspace leads to DoS

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this...

7.8CVSS5.7AI score0.08026EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/03/15 2:35 p.m.7 views

openvswitch: limitation in the OVS packet parsing in userspace leads to DoS

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this...

7.8CVSS5.7AI score0.08026EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2021/03/13 8:0 a.m.6 views

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

6.7CVSS7AI score0.00402EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/03/12 9:33 p.m.68 views

Keycloak Missing authentication for critical function

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality,...

6.8CVSS6.1AI score0.00329EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2021/03/12 8:0 a.m.6 views

A flaw was found in grub2 in versions prior to 2.06 where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

7.5CVSS8.2AI score0.01738EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/03/12 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for libX11 (EulerOS-SA-2021-1662)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.00575EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/03/12 12:0 a.m.21 views

Huawei EulerOS: Security Advisory for libldb (EulerOS-SA-2021-1606)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.2AI score0.0244EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/03/12 12:0 a.m.12 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2021-1669)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.5AI score0.99295EPSS
Exploits81References4
RedhatCVE
RedhatCVE
added 2021/03/11 11:3 p.m.36 views

CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

7CVSS7.2AI score0.00827EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/03/11 11:3 p.m.28 views

CVE-2021-20266

A flaw was found in RPM’s hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. Mitigation If using the headerCheck and headerImport APIs in your software, do not run...

4.9CVSS5.9AI score0.01706EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/03/11 3:8 p.m.32 views

CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in bfdelfslurpsecondaryrelocsection in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability...

5.5CVSS1.5AI score0.01287EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2021/03/11 8:0 a.m.2 views

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents using a 1kB stack buffer for temporary storage without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload it is possible to overflow the stack buffer corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

7.2CVSS8.2AI score0.00573EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2021/03/11 8:0 a.m.3 views

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

7.2CVSS8.2AI score0.01017EPSS
Exploits0
Rows per page
Query Builder