5093 matches found
CVE-2021-20244
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability...
CVE-2021-20244
ImageMagick vulnerability CVE-2021-20244 affects MagickCore/visual-effects.c. A crafted file processed by ImageMagick can trigger undefined behavior via division by zero, with the highest stated impact on availability. The connected documents confirm the flaw location and nature but do not provid...
CVE-2021-20246
CVE-2021-20246 — A flaw in ImageMagick's MagickCore/resample.c allows processing of a crafted image to trigger undefined behavior (division by zero). The highest threat is to availability. Exploitation details are not provided in the sources; no CVSS is given here beyond the NVD entry. Connected ...
CVE-2021-20241
CVE-2021-20241 affects ImageMagick, specifically the coders/jp2.c component. A crafted file processed by ImageMagick can trigger undefined behavior via a division-by-zero in jp2 processing. Impact is described as primarily to system availability. The CVE is corroborated by multiple connected reco...
CVE-2021-20253
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality a...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
QEMU: virtiofsd: potential privileged host device access from guest
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...
Microsoft Edge (Chromium) < 89.0.774.45 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.45. It is, therefore, affected by multiple vulnerabilities as referenced in the March 4, 2021 advisory. - A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an...
CVE-2020-28502
An arbitrary code injection vulnerability was found in nodejs-xmlhttprequest. For this vulnerability to occur, the connection must be initialized during the function call XMLHttpRequest.open to send requests synchronously using the parameter async=False. If the subsequent calls to xhr.send...
CVE-2021-27365
A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2021-27364
A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability. Mitigation The LIBISCSI module will be...
Huawei EulerOS: Security Advisory for spdk (EulerOS-SA-2021-1528)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2021-1448)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2021-1551)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2021-1411)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2021-1376)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-1454)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for nss-softokn (EulerOS-SA-2021-1536)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...