Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2021-1378)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2021-1564)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

grub2 buffer overflow vulnerability (CNVD-2021-16935)

grub2 is a Linux system boot program from the GNU community. A security vulnerability exists in versions of grub2 prior to 2.06. Setparamprefix in the menu presentation code performs length calculations based on the premise that it takes three characters to represent a single quote with a quotati...

Oracle Linux 8 : grub2 (ELSA-2021-0696)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0696 advisory. - Add CVE-2020-15706, CVE-2020-15707 to the list Orabug: 31225072 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 7 : grub2 (ELSA-2021-0699)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0699 advisory. - Fix another batch of CVEs Resolves: CVE-2020-14372 Resolves: CVE-2020-25632 Resolves: CVE-2020-25647 Resolves: CVE-2020-27749 Resolves: CVE-2020-2777...

CVE-2021-20268

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls devmapinitmap or sockmapalloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from thi...

nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

CVE-2020-0423

A use-after-free flaw was found in the binderreleasework of binder.c due to improper locking. This flaw can lead to the local escalation of privileges in the kernel where no additional execution privileges are needed. User interaction is not needed for exploitation. The highest threat to this...

EulerOS Virtualization for ARM 64 3.0.6.0 : libX11 (EulerOS-SA-2021-1556)

According to the versions of the libX11 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow leading to a heap-buffer overflow was found in The X Input Method XIM client was implemented in...

EulerOS Virtualization for ARM 64 3.0.6.0 : xorg-x11-server (EulerOS-SA-2021-1564)

According to the versions of the xorg-x11-server packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer...

EulerOS Virtualization for ARM 64 3.0.6.0 : nss (EulerOS-SA-2021-1562)

According to the versions of the nss packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in ...

EulerOS Virtualization for ARM 64 3.0.6.0 : binutils (EulerOS-SA-2021-1580)

According to the versions of the binutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor BFD library aka libbfd, as distributed ...

EulerOS Virtualization for ARM 64 3.0.6.0 : libvirt (EulerOS-SA-2021-1526)

According to the version of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A double free memory issue was found to occur in the libvirt API responsible for requesting information about network...

EulerOS Virtualization 3.0.6.6 : postgresql (EulerOS-SA-2021-1511)

According to the version of the postgresql packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. A...

EulerOS Virtualization for ARM 64 3.0.6.0 : spdk (EulerOS-SA-2021-1528)

According to the versions of the spdk package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of...

CVE-2020-7929

A flaw was found in mongodb. A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for $regex. The highest threat from this vulnerability is to system availability...

CVE-2018-25004

An improper input validation flaw causing a denial-of-service found in MongoDB. An attacker can perform a specific type of query which issues a generic explain command on a find query causing denial-of-service. The highest threat from this vulnerability is to the system availability...

CVE-2021-20233

A flaw was found in grub2 in versions prior to 2.06. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one...

CVE-2020-27779

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest...