4535 matches found
curl: Integer overflows in curl_url_set() function
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...
kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt
A flaw was found in the Linux kernel. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leadi...
npm: sensitive information exposure through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...
xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability...
chromium-browser: Use after free in audio
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
CVE-2020-26159
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed that it was not a security issue. Notes: none...
nss: Use-after-free in sftk_FreeSession due to improper refcounting
A use-after-free flaw was found in Mozilla Network Security Services NSS related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS...
kernel: out of bounds write in i2c driver leads to local escalation of privilege
An out-of-bounds write flaw was found in the i2c driver in the Linux kernel. This flaw allows an attacker to escalate privileges with system execution privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c
SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDLLoadWAVRW in audio/SDLwave.c...
SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c
SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDLFillRect in video/SDLsurface.c...
freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds OOB read vulnerability has been detected in securityfipsdecrypt in libfreerdp/core/security.c due to an uninitialized value...
Artica Proxy 4.30.000000 Authentication Bypass / Command Injection Exploit
This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and...
mysql: C API unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...
mysql: Server: Parser unspecified vulnerability (CPU Oct 2019)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...
mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
mysql: Server: DML unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: DML unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...