EulerOS 2.0 SP8 : xorg-x11-server (EulerOS-SA-2020-2326)

According to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may...

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2020-2326)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

darkhttpd -- DOS vulnerability

Mitre reports: flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...

EulerOS 2.0 SP8 : libX11 (EulerOS-SA-2020-2313)

According to the versions of the libX11 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow leading to a heap-buffer overflow was found in The X Input Method XIM client was implemented in libX11 before version 1.6.10...

CVE-2020-25690

An out-of-bounds write flaw was found in FontForge while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is t...

EulerOS 2.0 SP5 : libldb (EulerOS-SA-2020-2253)

According to the version of the libldb packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before...

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2303)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have...

CVE-2020-14383

A flaw was found in Samba's DNS server. This flaw allows an authenticated user to crash the RPC server. The RPC server, which also serves protocols other than the DNS server, is restarted after a short delay, however, an authenticated non-administrative attacker can cause a crash as soon as it...

CVE-2020-10675

A flaw was found in golang-github-buger-jsonparser. The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service infinite loop via a delete call. The highest threat from this vulnerability is to system availability...

Important: dovecot

Issue Overview: A flaw was found in dovecot. A remote attacker could cause a denial of service by repeatedly sending emails containing MIME parts containing malicious content of which dovecot will attempt to parse. The highest threat from this vulnerability is to system availability. In Dovecot...

Amazon Linux 2 : kernel (ALAS-2020-1520)

The version of kernel installed on the remote host is prior to 4.14.200-155.322. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1520 advisory. A flaw was found in the Linux kernel. When changing screen size, an out-of-bounds memory write can occur leading t...

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

jackson-databind: serialization in weblogic/oracle-aqjms

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider

A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: Serialization gadgets in anteros-core

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

foreman: unauthorized cache read on RPM-based installations through local user

A flaw was found in Red Hat Satellite. An attacker could gain access to cache files further allowing access to cached credentials that could help the attacker to gain complete control of the Satellite instance. The highest threat from this vulnerability is to data confidentiality and integrity as...

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2020-25654

An ACL bypass flaw was found in Pacemaker. This flaw allows an attacker with a local account on the cluster and in the haclient group to use IPC communication with various daemons to directly perform certain tasks that would be prevented if they had gone through configured ACLs. The highest threa...

Medium: libcroco

Issue Overview: A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability...

kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege

A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...