Lucene search

5094 matches found

RedhatCVE
added 2020/08/14 6:13 a.m., 25 views

CVE-2020-15112

A flaw was found in etcd, where it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This can cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant can go down from a runtime panic when...

4 CVSS, 6.8 AI score, 0.01256 EPSS
Exploits 0, References 4

RedhatCVE
added 2020/08/13 12:43 p.m., 37 views

CVE-2020-14349

A flaw was found in PostgreSQL, where it did not properly sanitize the search_path during logical replication. This flaw allows an authenticated attacker to mount an attack similar to CVE-2018-1058 to execute an arbitrary SQL command in the user's context for replication. The highest...

8.8 CVSS, 3.9 AI score, 0.14142 EPSS
Exploits 1, References 3

RedhatCVE
added 2020/08/13 4:13 a.m., 30 views

CVE-2020-12674

A flaw was found in dovecot. An attacker can use the way dovecot handles RPA (Remote Passphrase Authentication) to crash the authentication process repeatedly, preventing login. The highest threat from this vulnerability is to system availability. Mitigation: Upstream suggests that this flaw can be...

5 CVSS, 0.9 AI score, 0.06187 EPSS
Exploits 1, References 4

RedhatCVE
added 2020/08/13 4:13 a.m., 30 views

CVE-2020-12673

A flaw was found in dovecot. An out-of-bounds read flaw was found in the way dovecot handled NTLM authentication, allowing an attacker to crash the dovecot auth process repeatedly, preventing login. The highest threat from this vulnerability is to system availability. Mitigation: Upstream suggests...

5 CVSS, 0.5 AI score, 0.06187 EPSS
Exploits 1, References 4

RedhatCVE
added 2020/08/12 8:15 p.m., 28 views

CVE-2020-14356

A use-after-free flaw was found in the Linux kernel’s cgroupv2 subsystem when rebooting the system. This flaw allows a local user to crash the system or escalate their privileges. The highest threat from this vulnerability is to system availability...

7.2 CVSS, 7.2 AI score, 0.00965 EPSS
Exploits 1, References 3

RedHat Linux
added 2020/08/12 11:45 a.m., 8 views

kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c

A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. The highest threat from this vulnerability is to data integrity and system availability...

7.1 CVSS, 7.4 AI score, 0.01218 EPSS
Exploits 0, References 4

RedhatCVE
added 2020/08/12 3:50 a.m., 29 views

CVE-2019-20795

A use-after-free flaw was found in iproute in the network namespace management component of the ip command-line utility. This flaw allows a local attacker to crash the program while displaying network namespaces. The highest threat from this vulnerability is to system availability...

4.4 CVSS, 2.1 AI score, 0.00403 EPSS
Exploits 0, References 3

RedhatCVE
added 2020/08/12 12:43 a.m., 26 views

CVE-2020-8116

A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or __proto__ paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...

7.5 CVSS, 3 AI score, 0.03079 EPSS
Exploits 1, References 4

RedhatCVE
added 2020/08/11 8:13 p.m., 128 views

CVE-2020-11993

A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by mod_http2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...

4.3 CVSS, 8.3 AI score, 0.58716 EPSS
Exploits 2, References 4

RedhatCVE
added 2020/08/11 8:13 p.m., 319 views

CVE-2020-11984

A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...

7.5 CVSS, 8.8 AI score, 0.90039 EPSS
Exploits 2, References 4

RedhatCVE
added 2020/08/11 6:13 p.m., 34 views

CVE-2020-17380

A flaw was found in QEMU. A heap-based buffer overflow vulnerability was found in the SDHCI device emulation support allowing a guest user or process to crash the QEMU process on the host resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU...

4.6 CVSS, 4.2 AI score, 0.00424 EPSS
Exploits 0, References 3

RedHat Linux
added 2020/08/10 11:21 a.m., 6 views

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

7.5 CVSS, 7.1 AI score, 0.87553 EPSS
Exploits 1, References 9

RedHat Linux
added 2020/08/06 8:19 p.m., 3 views

nodejs-lodash: prototype pollution in zipObjectDeep function

A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability...

7.4 CVSS, 7 AI score, 0.05213 EPSS
Exploits 1, References 6

RedHat Linux
added 2020/08/06 2:34 p.m., 8 views

CloudForms: Out-of-band OS Command Injection through conversion host

An out-of-band OS command injection vulnerability was found in Red Hat CloudForms. An authenticated malicious attacker could execute arbitrary commands on the server by sending a specially crafted request. The highest threat from this vulnerability is to data confidentiality and integrity as well...

9.1 CVSS, 6 AI score, 0.02515 EPSS
Exploits 0, References 4

RedhatCVE
added 2020/08/05 9:48 a.m., 33 views

CVE-2020-15708

A flaw was found in libvirt, where an incorrect permissions issue occurs on the UNIX domain socket. This flaw allows a local attacker to access libvirt and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability...

4.6 CVSS, 5.5 AI score, 0.00383 EPSS
Exploits 0, References 3

BDU FSTEC
added 2020/08/05 12:0 a.m., 4 views

Vulnerability of the Server component: Security: Privileges of the MySQL Server database management system, which allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the MySQL Server component relates to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9 CVSS, 6.8 AI score, 0.02118 EPSS
Exploits 0, References 2, Affected Software 1

RedHat Linux
added 2020/08/04 11:18 a.m., 3 views

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

7.5 CVSS, 7.1 AI score, 0.87553 EPSS
Exploits 1, References 9

RedHat Linux
added 2020/08/04 7:41 a.m., 2 views

dbus: denial of service via file descriptor leak

An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket, ...

5.5 CVSS, 7.1 AI score, 0.00569 EPSS
Exploits 1, References 4

RedhatCVE
added 2020/08/04 5:13 a.m., 31 views

CVE-2020-7017

A stored cross-site scripting (XSS) flaw was found in the region map visualization in Kibana. This flaw allows an attacker who can edit or create a region map visualization to obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization...

4.6 CVSS, 6.1 AI score, 0.0122 EPSS
Exploits 0, References 5

RedHat Linux
added 2020/08/03 5:21 p.m., 4 views

postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML

A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability...

7.7 CVSS, 5.8 AI score, 0.04094 EPSS
Exploits 0, References 4