CVE-2020-14376

A flaw was found in dpdk. A lack of bounds checking when copying ivdata from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2020-14375

A flaw was found in dpdk. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validated it. The highest threat from this vulnerabilit...

CVE-2020-14374

A flaw was found in dpdk. A flawed bounds checking in the copydata function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhostcrypto application. The highest threat from this vulnerability is to data confidentiality and integri...

CVE-2020-14378

An integer underflow flaw was found in the movedesc function that can lead to large amounts of CPU cycles being consumed in a long-running loop. This flaw allows an attacker to cause movedesc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhostcrypto is being used, this...

CVE-2020-14377

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an...

CVE-2020-14374

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copydata function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhostcrypto application. The highest threat from this...

CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validate...

UBUNTU-CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validate...

CVE-2020-14376

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying ivdata from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as syst...

EulerOS 2.0 SP3 : ipa (EulerOS-SA-2020-2073)

According to the version of the ipa packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password = 1,000,000 characters to the server, the password hashing...

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown or otherwise rendered inaccessible until it is remounted leading to a denial of service. The highest threat from this vulnerability is to system availability.

...

CVE-2020-14351

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integri...

UBUNTU-CVE-2020-14351

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integri...

CVE-2020-7945

A flaw was found in Puppet. Local registry credentials were included directly in the CD4PE deployment definition, which exposes these credentials to users who should not have access to them. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availabilit...

CVE-2020-25559

A flaw was found in gnuplot. A double free memory issue when executing printsetoutput may result in context-dependent arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2020-24750

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.6. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and system availability. Mitigation The following conditions are needed for an...

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

nodejs-lodash: prototype pollution in zipObjectDeep function

A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability...

CVE-2020-10714

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

Design/Logic Flaw

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...