xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability
A flaw was found in X.Org Server. An integer underflow leading to a heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2020-25692
A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is t...
cryptsetup: Out-of-bounds write when validating segments
A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...
libuv: buffer overflow in realpath
A flaw has been found in libuv. The realpath implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2020-25652
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. This flaw allows any unprivileged local guest user to prevent legitimate agents from connecting to the...
CVE-2020-25653
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw allows an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highes...
CVE-2020-25650
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. This flaw allows any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock to perform a memory denial of service for...
CVE-2020-25651
A flaw was found in the SPICE file transfer protocol. File data from the host system can partially or fully end up in the client connection of an unauthorized local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highe...
bind: truncated TSIG response can lead to an assertion failure
A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability...
libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c
A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability...
squid: Request smuggling and poisoning attack against the HTTP cache
A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTPS request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from thi...
squid: Improper input validation could result in a DoS
A flaw was found in squid. A denial of service attack is possible due to an improper input validation. The highest threat from this vulnerability is to system availability...
tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...
ipa: No password length restriction leads to denial of service
A flaw was found in IPA. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability...
webkitgtk: Use-after-free may lead to application termination or arbitrary code execution
A flaw was found in webkitgtk in versions prior to 2.28.4 and in WPE WebKit in versions prior to 2.28.4. A use-after-free issue was found allowing a remote attacker to cause unexpected application termination or arbitrary code execution. The highest threat from this vulnerability is to data...
kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS
A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability...
glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions
A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated causing a stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability...
kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS
A flaw was found in the Linux kernel’s implementation of biovecs. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device,...
kernel: bad kfree in auditfilter.c may lead to escalation of privilege
A flaw was found in the Linux kernel. A logic error in audit_data_to_entry can lead to a local escalation of privilege without user interaction needed. A local attacker with special user privilege could crash the system leading to information leak. The highest threat from this vulnerability is to da...
kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c
A use-after-free flaw was found in the way the Linux kernel's filesystem subsystem handled a race condition in the chrdev_open function. This flaw allows a privileged local user to starve the resources, causing a denial of service or potentially escalating their privileges. The highest threat from...