
5093 matches found

Kaspersky
added 2020/11/10 12:0 a.m. | 38 views

KLA12001 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of...

CVSS 8.8 | AI score 8.8 | EPSS 0.01697
Exploits 7 | References 18
RedhatCVE
added 2020/11/09 2:59 p.m. | 55 views

CVE-2020-25704

A memory leak flaw was found in the Linux kernel’s performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for...

CVSS 6.2 | AI score 6.1 | EPSS 0.00348
Exploits 0 | References 5
RedhatCVE
added 2020/11/06 5:59 p.m. | 27 views

CVE-2020-25592

A flaw was found in salt. Invalid eauth credentials and tokens are not handled correctly when calling Salt SSH via the salt-api which could allow an attacker to bypass authentication and gain access to restricted information or to possibly conduct further attacks. The highest threat from this...

CVSS 9.8 | AI score 2.3 | EPSS 0.57453
Exploits 3 | References 8
RedhatCVE
added 2020/11/06 5:29 p.m. | 43 views

CVE-2020-16846

A flaw was found in salt. A shell injection vulnerability was found where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt-API using the SSH client. An attacker could use this flaw to cause a denial of service, information disclosure, or...

CVSS 9.8 | AI score 1.8 | EPSS 0.99585
Exploits 5 | References 8
Tenable Nessus
added 2020/11/06 12:0 a.m. | 32 views

Oracle Linux 6 : xorg-x11-server (ELSA-2020-4953)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4953 advisory. 1.17.4-18.0.1 - Fix regression from the patch for Orabug 27204421 which crashes Xvfb Orabug: 28485058 - Fix X consumes 100% CPU if messagebus restarted...

CVSS 7.8 | AI score 7.6 | EPSS 0.00629
Exploits 0 | References 5
Tenable Nessus
added 2020/11/06 12:0 a.m. | 49 views

Oracle Linux 7 : xorg-x11-server (ELSA-2020-4910)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4910 advisory. - CVE fixes for: CVE-2020-14345 1872389, CVE-2020-14346 1872393, CVE-2020-14361 1872400, CVE-2020-14362 1872407 Tenable has extracted the preceding...

CVSS 7.8 | AI score 7.6 | EPSS 0.00629
Exploits 0 | References 5
NVD
added 2020/11/05 9:15 p.m. | 24 views

CVE-2020-25661

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on...

CVSS 8.8 | AI score 8.1 | EPSS 0.01765
Exploits 5 | References 3
Prion
added 2020/11/05 9:15 p.m. | 28 views

Design/Logic Flaw

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on...

CVSS 8.3 | AI score 8.4 | EPSS 0.07693
Exploits 5 | References 3 | Affected Software 1
Cvelist
added 2020/11/05 8:4 p.m. | 28 views

CVE-2020-25661

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on...

CVSS 7.5 | AI score 8.7 | EPSS 0.07693
Exploits 5 | References 3
CVE
added 2020/11/05 8:4 p.m. | 139 views

CVE-2020-25661

CVE-2020-25661 describes a Red Hat-specific regression in the Linux kernel Bluetooth stack: improper handling of L2CAP packets with A2MP CID can allow a remote attacker in adjacent range to crash the system or potentially execute arbitrary code via a crafted L2CAP packet. The impact affects confi...

CVSS 8.8 | AI score 8.6 | EPSS 0.07693
Exploits 5 | References 3 | Affected Software 1
Debian CVE
added 2020/11/05 8:4 p.m. | 48 views

CVE-2020-25661

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on...

CVSS 8.8 | AI score 7.8 | EPSS 0.01765
Exploits 5
RedhatCVE
added 2020/11/05 5:31 p.m. | 28 views

CVE-2020-8036

An out-of-bounds read vulnerability was discovered in tcpdump while printing SOME/IP packets captured in a pcap file or coming from the network. This flaw allows a remote attacker to send specially crafted packets that, when printed, can trigger the flaw and crash the application. The highest...

CVSS 7.5 | AI score 2.9 | EPSS 0.01449
Exploits 1 | References 3
RedHat Linux
added 2020/11/05 10:2 a.m. | 2 views

xorg-x11-server: Out-of-bounds access in XkbSetNames function

A flaw was found in X.Org Server. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7.3 | EPSS 0.00594
Exploits 0 | References 5
RedHat Linux
added 2020/11/05 10:2 a.m. | 1 view

xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability

A flaw was found in X.Org Server. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7.3 | EPSS 0.00613
Exploits 0 | References 5
RedHat Linux
added 2020/11/05 10:2 a.m. | 1 view

xorg-x11-server: Integer underflow in the X input extension protocol

A flaw was found in xorg-x11-server. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7.3 | EPSS 0.00629
Exploits 0 | References 5
RedHat Linux
added 2020/11/05 10:2 a.m. | 4 views

xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability

A flaw was found in X.Org Server. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7.3 | EPSS 0.00589
Exploits 0 | References 5
OpenVAS
added 2020/11/05 12:0 a.m. | 21 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2476)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.4 | EPSS 0.03874
Exploits 0 | References 2
Tenable Nessus
added 2020/11/05 12:0 a.m. | 39 views

Oracle Linux 7 : libX11 (ELSA-2020-4908)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4908 advisory. 1.6.7-3 - Fix CVE-2020-14363 1873922 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...

CVSS 7.8 | AI score 7.7 | EPSS 0.00575
Exploits 1 | References 2
RedHat Linux
added 2020/11/04 7:24 p.m. | 1 view

xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS

A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.9 | AI score 7.1 | EPSS 0.0222
Exploits 0 | References 4
RedHat Linux
added 2020/11/04 5:43 p.m. | 4 views

xorg-x11-server: Integer underflow in the X input extension protocol

A flaw was found in xorg-x11-server. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7.3 | EPSS 0.00629
Exploits 0 | References 5