CVE-2021-20176

A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability...

CVE-2021-20176

A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability...

CVE-2021-20216

A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability...

CVE-2020-9492

A flaw was found in Apache hadoop. The WebHDFS client can send a SPNEGO authorization header to a remote URL without proper verification which could lead to an access restriction bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

CVE-2021-21604

A flaw was found in jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data...

CVE-2021-21605

A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global config.xml file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

MGASA-2021-0064 Updated python and python3 packages fix security vulnerability

A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack an...

Updated python and python3 packages fix security vulnerability

A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack an...

CVE-2021-20176

A divide-by-zero flaw was found in ImageMagick in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability...

EulerOS 2.0 SP5 : xorg-x11-server (EulerOS-SA-2021-1239)

According to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerabilit...

Oracle Linux 7 : libvirt (ELSA-2020-5961)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5961 advisory. - qemu: remove use of qemuDomainObjBeginJobWithAgent Jonathon Jongsma Orabug: 31990187 CVE-2019-20485 - qemu: dont hold monitor and agent job when setting time...

EulerOS 2.0 SP5 : dpdk (EulerOS-SA-2021-1241)

According to the versions of the dpdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copydata function leads to a buffer...

CVE-2020-25644

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory OOM issue, leading to a denial of service. The highest threat from this vulnerability is to system availability. Mitigation...

glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions

A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated causing a stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability...

CVE-2021-20218

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...

CVE-2020-17523

A flaw was found in Apache Shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality, integrity as well as system availability...

Huawei EulerOS: Security Advisory for postgresql-jdbc (EulerOS-SA-2021-1165)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2021-1156)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-3345

A flaw was found in libgcrypt. A heap-based buffer overflow in the block buffer management code may lead to memory corruption before any verification is made or signature is validated. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...