5093 matches found

Cvelist
added 2021/02/23 10:31 p.m. | 18 views

CVE-2021-20256

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

5.8 AI score | 0.00257 EPSS
Exploits: 0 | References: 1

CVE
added 2021/02/23 10:31 p.m. | 92 views

CVE-2021-20256

The CVE-2021-20256 issue affects Red Hat Satellite (6.10 on Red Hat Enterprise Linux 7) where the BMC controller API could disclose the password to an authenticated local attacker with view_hosts permission. Described in RHSA-2021:4702 and linked advisories, the vulnerability impacts confidential...

5.3 CVSS | 5.4 AI score | 0.00257 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/23 10:24 p.m. | 25 views

CVE-2021-20252

A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...

6.5 AI score | 0.00972 EPSS
Exploits: 0 | References: 1

NVD
added 2021/02/23 10:15 p.m. | 48 views

CVE-2021-20182

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as...

8.8 CVSS | 0.01145 EPSS
Exploits: 0 | References: 1

Prion
added 2021/02/23 10:15 p.m. | 26 views

Privilege escalation

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as...

6.5 CVSS | 9 AI score | 0.01145 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/02/23 9:32 p.m. | 203 views

CVE-2021-20182

CVE-2021-20182 describes a privilege-escalation flaw in the OpenShift builder component openshift4/ose-docker-builder. The build container runs with high privileges in a chrooted environment instead of using runc, which could allow an attacker with access to the build container to access raw node...

8.8 CVSS | 9 AI score | 0.01145 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/23 9:32 p.m. | 45 views

CVE-2021-20182

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as...

9.2 AI score | 0.01145 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2021/02/23 8:03 p.m. | 30 views

CVE-2020-35523

An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8 CVSS | 4.9 AI score | 0.01922 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2021/02/23 8:03 p.m. | 45 views

CVE-2020-35524

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8 CVSS | 3.7 AI score | 0.01851 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2021/02/23 7:34 p.m. | 35 views

CVE-2021-22883

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

7.8 CVSS | 7.4 AI score | 0.77385 EPSS
Exploits: 0 | References: 3

NVD
added 2021/02/23 7:15 p.m. | 16 views

CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...

7.8 CVSS | 0.01269 EPSS
Exploits: 0 | References: 1

OSV
added 2021/02/23 7:15 p.m. | 6 views

CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...

7.5 CVSS | 7.2 AI score
Exploits: 0 | References: 1

UbuntuCve
added 2021/02/23 7:15 p.m. | 26 views

CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...

7.8 CVSS | 6.7 AI score | 0.01269 EPSS
Exploits: 0 | References: 1

Prion
added 2021/02/23 6:15 p.m. | 16 views

Design/Logic Flaw

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this...

6.8 CVSS | 8.5 AI score | 0.01833 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/02/23 5:45 p.m. | 149 views

CVE-2021-20198

OpenShift CVE-2021-20198 affects the OpenShift Installer during OpenShift Container Platform 4 cluster installation: bootstrap nodes are provisioned with anonymous authentication on kubelet port 10250, allowing unauthenticated /exec requests to run commands in containers. This is addressed in Red...

8.1 CVSS | 8.5 AI score | 0.01833 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2021/02/23 5:15 p.m. | 15 views

CVE-2021-20226

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system. The issue results from the lack of validating the existence of an object prior to performing operations on the object by not...

7.8 CVSS | 0.0044 EPSS
Exploits: 0 | References: 2

OSV
added 2021/02/23 5:15 p.m. | 8 views

CVE-2021-20226

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system. The issue results from the lack of validating the existence of an object prior to performing operations on the object by not...

7.8 CVSS | 6.4 AI score
Exploits: 0 | References: 2

Prion
added 2021/02/23 5:15 p.m. | 20 views

Design/Logic Flaw

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system. The issue results from the lack of validating the existence of an object prior to performing operations on the object by not...

6.1 CVSS | 7.2 AI score | 0.0044 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

UbuntuCve
added 2021/02/23 5:15 p.m. | 21 views

CVE-2021-20226

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system. The issue results from the lack of validating the existence of an object prior to performing operations on the object by not...

7.8 CVSS | 6.9 AI score | 0.0044 EPSS
Exploits: 0 | References: 3

Debian CVE
added 2021/02/23 4:36 p.m. | 20 views

CVE-2021-20226

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system. The issue results from the lack of validating the existence of an object prior to performing operations on the object by not...

7.8 CVSS | 7.3 AI score | 0.0044 EPSS
Exploits: 0