CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2021/02/01 12:0 a.m.•35 views

EulerOS 2.0 SP8 : postgresql-jdbc (EulerOS-SA-2021-1165)

According to the version of the postgresql-jdbc package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity XXE weakness was found in PostgreSQL JDBC. The...

7.7CVSS7.3AI score0.04094EPSS

Exploits0References2

Tenable Nessus•added 2021/02/01 12:0 a.m.•43 views

EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2021-1138)

According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the...

8.3CVSS7.9AI score0.86692EPSS

Exploits2References8

RedhatCVE•added 2021/01/29 6:34 p.m.•44 views

CVE-2021-3347

A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as syste...

7.8CVSS4.8AI score0.01377EPSS

Exploits1References3

RedhatCVE•added 2021/01/28 8:56 p.m.•56 views

CVE-2021-3326

A flaw was found in glibc's iconv functionality. This flaw allows an attacker capable of supplying a crafted sequence of characters to an application using iconv to convert from ISO-2022-JP-3 to cause an assertion failure. The highest threat from this vulnerability is to system availability...

7.5CVSS1.1AI score0.03093EPSS

RedhatCVE•added 2021/01/28 8:24 p.m.•43 views

CVE-2021-26117

A flaw was found in activemq. When anonymous binds are enabled on the LDAP provider zero length DN/password and the LDAP module is configured to make use of these, client credentials are not correctly verified and authentication is effectively bypassed. The highest threat from this vulnerability ...

8.1CVSS3.2AI score0.11239EPSS

RedhatCVE•added 2021/01/28 2:24 a.m.•35 views

CVE-2020-27827

A flaw was found in multiple versions of Open vSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS7.3AI score0.03235EPSS

Exploits0References4

RedHat Linux•added 2021/01/27 1:15 a.m.•32 views

sudo: Heap buffer overflow in argument parsing

A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command by default, any local user can execute sudo without authentication. Successful exploitation of this flaw coul...

RedHat Linux•added 2021/01/27 12:53 a.m.•2 views

sudo: Heap buffer overflow in argument parsing

Virtuozzo•added 2021/01/27 12:0 a.m.•97 views

[Important] [Security] Fix for a vulnerability in sudo, CVE-2021-3156, for Virtuozzo Hybrid Server 7.x and Virtuozzo 6

The update fixes the vulnerability in sudo registered as CVE-2021-3156. The new sudo packages are available for Virtuozzo Hybrid Server 7.x and Virtuozzo 6. Vulnerability id: CVE-2021-3156 A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line...

7.8CVSS8.4AI score0.99295EPSS

Exploits81References3

RedHat Linux•added 2021/01/26 8:51 p.m.•5 views

sudo: Heap buffer overflow in argument parsing

RedHat Linux•added 2021/01/26 8:6 p.m.•8 views

sudo: Heap buffer overflow in argument parsing

RedhatCVE•added 2021/01/26 7:51 p.m.•51 views

CVE-2021-3156

7.8CVSS0.5AI score0.99295EPSS

Exploits81References5

RedHat Linux•added 2021/01/26 7:47 p.m.•4 views

sudo: Heap buffer overflow in argument parsing

RedhatCVE•added 2021/01/26 11:53 a.m.•43 views

CVE-2020-0466

A flaw was found in the Linux kernel. A logic error in eventpoll.c can cause a use-after-free, leading to a local escalation of privilege with no additional execution privileges. User interaction is not needed for exploitation. The highest threat from this vulnerability is to confidentiality,...

7.8CVSS2.3AI score0.00268EPSS

RedhatCVE•added 2021/01/26 11:53 a.m.•43 views

CVE-2020-0444

A flaw was found in the Linux kernel. A logic error in auditdatatoentry can lead to a local escalation of privilege without user interaction needed. A local attacker with special user privilege could crash the system leading to information leak. The highest threat from this vulnerability is to da...

7.8CVSS1.9AI score0.00213EPSS

RedhatCVE•added 2021/01/26 11:23 a.m.•25 views

CVE-2020-14409

A flaw was found in SDL2. An attacker who is able to submit a crafted file to an application depending on SDL2's functionality could trigger an integer overflow and subsequent out-of-bounds write. The highest impact is to data confidentiality and integrity as well as system availability...

7.8CVSS3.7AI score0.01311EPSS