5094 matches found
CVE-2020-15112
A flaw was found in etcd, where it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This can cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant can go down from a runtime panic when...
CVE-2020-14349
A flaw was found in PostgreSQL, where it did not properly sanitize the searchpath during logical replication. This flaw allows an authenticated attacker to use this flaw in an attack similar to CVE-2018-1058 to execute an arbitrary SQL command in the user's context for replication. The highest...
CVE-2020-12674
A flaw was found in dovecot. An attacker can use the way dovecot handles RPA Remote Passphrase Authentication to crash the authentication process repeatedly preventing login. The highest threat from this vulnerability is to system availability. Mitigation Upstream suggests that this flaw can be...
CVE-2020-12673
A flaw was found in dovecot. An out-of-bounds read flaw was found in the way dovecot handled NTLM authentication allowing an attacker to crash the dovecot auth process repeatedly preventing login. The highest threat from this vulnerability is to system availability. Mitigation Upstream suggests...
CVE-2020-14356
A use-after-free flaw was found in the Linux kernel’s cgroupv2 subsystem when rebooting the system. This flaw allows a local user to crash the system or escalate their privileges. The highest threat from this vulnerability is to system availability...
kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c
A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. The highest threat from this vulnerability is to data integrity and system availability...
CVE-2019-20795
A use-after-free flaw was found in iproute in the network namespace management component of the ip command-line utility. This flaw allows a local attacker to crash the program while displaying network namespaces. The highest threat from this vulnerability is to system availability...
CVE-2020-8116
A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
CVE-2020-11993
A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by modhttp2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...
CVE-2020-11984
A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
CVE-2020-17380
A flaw was found in QEMU. A heap-based buffer overflow vulnerability was found in the SDHCI device emulation support allowing a guest user or process to crash the QEMU process on the host resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU...
tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...
nodejs-lodash: prototype pollution in zipObjectDeep function
A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability...
CloudForms: Out-of-band OS Command Injection through conversion host
An out-of-band OS command injection vulnerability was found in Red Hat CloudForms. An authenticated malicious attacker could execute arbitrary commands on the server by sending a specially crafted request. The highest threat from this vulnerability is to data confidentiality and integrity as well...
CVE-2020-15708
A flaw was found in libvirt, where an incorrect permissions issue occurs on the UNIX domain socket. This flaw allows a local attacker to access libvirt and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability...
Vulnerability of the Server component: Security: Privileges of the MySQL Server database management system, which allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the MySQL Server component relates to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...
dbus: denial of service via file descriptor leak
An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket, ...
CVE-2020-7017
A stored Cross-site scripting XSS flaw was found in the region map visualization in kibana. This flaw allows an attacker who can edit or create a region map visualization to obtain sensitive information or perform destructive actions on behalf of kibana users who view the region map visualization...
postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity XXE weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability...