5093 matches found
openssl: EDIPARTYNAME NULL pointer de-reference
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability...
CVE-2021-27135
A flaw was found in xterm. A specially crafted sequence of combining characters causes an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Mitigation This vulnerability can be...
CVE-2020-35498
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this...
CVE-2021-27017
A flaw was found in puppet-agent. Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2020-35498
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this...
CVE-2020-17525
A null-pointer-dereference flaw was found in modauthzsvn of subversion. This flaw allows a remote, unauthenticated attacker to cause a denial of service in some server configurations. The highest threat from this vulnerability is to system availability. Mitigation As per upstream "As a workaround...
CVE-2021-1721
A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability...
dotnet: certificate chain building recursion Denial of Service
A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability...
dotnet: certificate chain building recursion Denial of Service
A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability...
dotnet: certificate chain building recursion Denial of Service
A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability...
dotnet: certificate chain building recursion Denial of Service
A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability...
CVE-2021-20188
A flaw was found in podman. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It doe...
CVE-2021-20200
A flaw was found in the Linux kernel. A race condition in mm/mmap.c in VMA access could allow a local attacker with user privileges to crash the system or lead to information leakage. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
CVE-2020-10734
A flaw was found in keycloak. The OIDC logout endpoint does not have CSRF protection. The highest threat from this vulnerability is to system availability...
CVE-2021-26937
A flaw was found in screen. A specially crafted sequence of combining characters could cause an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation This flaw is in...
Privilege Escalation
Qemu is vulnerable to privilege escalation attack. A race condition flaw was found in the 9pfs server implementation of QEMU. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability i...
Fedora 32 : privoxy (2021-f08e89a0d5)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-f08e89a0d5 advisory. - A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of...
CVE-2021-20181
A race condition flaw was found in the 9pfs server implementation of QEMU. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system...
CVE-2020-28476
A flaw was found in python-tornado. All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the...
CVE-2021-3344
A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to...