Lucene search
K

4534 matches found

RedHat Linux
RedHat Linux
added 2020/12/16 8:28 a.m.4 views

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS7.4AI score0.4644EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/12/15 5:27 p.m.4 views

mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

4.9CVSS6.8AI score0.02981EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/14 4:38 p.m.2 views

xorg-x11-server: Out-of-bounds access in XkbSetMap function

A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS7.3AI score0.00393EPSS
Exploits0References5
CNNVD
CNNVD
added 2020/12/14 12:0 a.m.6 views

IBM Connect:Direct for UNIX 授权问题漏洞

IBM Connect: Direct for UNIX is the United States IBM a point-to-point can support multi-platform transfer of data between the tool software. The software supports z/OS, VSE, AS/400, UNIX IBM, SUN, HP, etc., LINUX, Windows and other 18 platforms, in addition to providing C, C + + +, JAVA,...

9.8CVSS7.1AI score0.02021EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/03 11:20 a.m.5 views

golang: malicious symbol names can lead to code execution at build time

An input validation vulnerability was found in Go. From a generated go file from the cgo tool, it is possible to modify symbols within that object file and specify code. This flaw allows an attacker to create a repository that includes malicious pre-built object files that could execute arbitrary...

7.5CVSS7.6AI score0.02244EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/01 12:5 p.m.4 views

php: Information disclosure in exif_read_data()

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

6.5CVSS7.4AI score0.07473EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/11/30 9:0 a.m.4 views

Mozilla: Use-after-free in WebRequestService

During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

8.8CVSS7.4AI score0.0127EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/11/24 11:7 a.m.2 views

bind: incorrect enforcement of update-policy rules of type "subdomain"

A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are treated as if they were of type "zonesub" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity...

4.3CVSS6.7AI score0.0364EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/11/10 1:20 p.m.3 views

bind: incorrect enforcement of update-policy rules of type "subdomain"

A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are treated as if they were of type "zonesub" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity...

4.3CVSS6.7AI score0.0364EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/11/09 12:4 p.m.3 views

wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory OOM issue, leading to a denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS5.7AI score0.02183EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/05 6:48 p.m.1 views

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS7.2AI score0.01793EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/05 6:47 p.m.3 views

batik: SSRF via "xlink:href"

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...

7.5CVSS6.8AI score0.1074EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/05 6:47 p.m.3 views

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS7.2AI score0.01793EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/04 1:25 a.m.4 views

freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds OOB read vulnerability has been detected in securityfipsdecrypt in libfreerdp/core/security.c due to an uninitialized value...

5.5CVSS5.7AI score0.00538EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/04 1:18 a.m.4 views

SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c

SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDLLoadWAVRW in audio/SDLwave.c...

8.8CVSS7.6AI score0.02992EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/11/04 1:18 a.m.5 views

SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c

SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMSADPCM in audio/SDLwave.c outside the wNumCoef loop...

8.8CVSS7.5AI score0.02946EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/11/04 1:18 a.m.5 views

SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c

SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMSADPCM in audio/SDLwave.c inside the wNumCoef loop...

8.8CVSS7.5AI score0.02959EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/11/04 1:5 a.m.2 views

samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results

A NULL pointer dereference, or possible use-after-free flaw was found in the Samba AD LDAP server. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to...

6.5CVSS7.4AI score0.0244EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/11/04 12:58 a.m.8 views

sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c

A use-after-free vulnerability was found in the SQLite FTS3 extension module in the way it implemented the snippet function. This flaw allows an attacker who can execute SQL statements to crash the application or potentially execute arbitrary code...

7CVSS7.6AI score0.0103EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/28 3:49 p.m.8 views

curl: Integer overflows in curl_url_set() function

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...

4.3CVSS7AI score0.04897EPSS
Exploits1References4
Rows per page
Query Builder