CVE-2021-24112

A flaw was found in dotnet. When a .NET application utilizing libgdiplus on a non-Windows system accepts input, this flaw allows an attacker to send a specially crafted request that could result in remote code execution. The highest threat from this vulnerability is to confidentiality, integrity,...

podman: container users permissions are not respected in privileged containers

A flaw was found in podman. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It doe...

CVE-2020-27222

A flaw was found in californium. The certificate based x509 and RPK DTLS handshakes fails due to the DTLS server side being set to a wrong internal state by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The highest threat from this vulnerability is to system...

CVE-2021-27803

A flaw was found in the wpasupplicant, in the way it processes P2P Wi-Fi Direct provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpasupplicant process or potentially cause code execution. The highe...

ImageMagick De-Zero Vulnerability (CNVD-2021-23799)

Imagemagick Studio ImageMagick is a suite of open source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. A de-zero vulnerability exists in MagickCore/resample.c in versions of ImageMagick prior to...

ImageMagick De-Zero Vulnerability

Imagemagick Studio ImageMagick is a suite of open source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. A de-zero vulnerability exists in coders/jp2.c in versions prior to ImageMagick 7.0.10-62. An...

CVE-2020-28243

A flaw was found in Salt. A privilege escalation is possible on a SaltStack minion when an unprivileged user can create files in any non-blacklisted directory via command injection in a process name. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

CVE-2021-25283

A flaw was found in Salt. The jinja renderer does not protect against server-side template injection attacks. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2021-3144

A flaw was found in Salt where tokens can be used once after expiration. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2020-35662

A flaw was found in Salt where several places did not verify the SSL cert by default. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2021-3197

A flaw was found in Salt. The Salt-API’s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2021-25281

A flaw was found in Salt. The Salt-API does not have eAuth credentials for the wheelasync client. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

ImageMagick Studio ImageMagick 数字错误漏洞

Imagemagick Studio ImageMagick is a suite of open source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. A de-zero vulnerability exists in coders/jp2.c in versions prior to ImageMagick 7.0.10-62. An...

CVE-2021-20259

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2021-20260

A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Medium: python27, python36, python38

Issue Overview: A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer...

CVE-2021-20256

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2021-20252

A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...

Denial of service

A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...

Design/Logic Flaw

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...