7650 matches found

Cvelist
added 2021/01/15 9:54 p.m. · 14 views

CVE-2021-3162

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation...

8.2 AI score · 0.00174 EPSS
Exploits 0 · References 2
CVE
added 2021/01/15 9:54 p.m. · 297 views

CVE-2021-3162

Affected software: Docker Desktop Community for macOS prior to 2.5.0.0. Root cause: mishandling of certificate checking in this version. Impact: local privilege escalation. Remediation: upgrade to Docker Desktop Community 2.5.0.0 or newer (per linked release notes). If newer versions are unavaila...

7.8 CVSS · 7.9 AI score · 0.00174 EPSS
Exploits 0 · References 2 · Affected Software 1
OpenVAS
added 2021/01/15 12:00 a.m. · 15 views

Ubuntu: Security Advisory (USN-4694-1)

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)

8.1 CVSS · 8.3 AI score · 0.06563 EPSS
Exploits 0 · References 2
Ubuntu
added 2021/01/14 11:48 p.m. · 145 views

USN-4694-1: Linux kernel vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1 CVSS · 6.7 AI score · 0.06563 EPSS
Exploits 0
OSV
added 2021/01/13 4:15 a.m. · 8 views

CVE-2020-28374

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a...

8.1 CVSS · 7.8 AI score
Exploits 0 · References 15
NVD
added 2021/01/13 4:15 a.m. · 26 views

CVE-2020-28374

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a...

8.1 CVSS · 8.1 AI score · 0.06563 EPSS
Exploits 0 · References 15
Debian CVE
added 2021/01/13 3:07 a.m. · 65 views

CVE-2020-28374

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a...

8.1 CVSS · 6.8 AI score · 0.06563 EPSS
Exploits 0
CNNVD
added 2021/01/13 12:00 a.m. · 6 views

Juniper Networks Junos OS Operating System Command Injection Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS contains an operating system command injection vulnerability that can be exploited by an attacker to elevate...

7.8 CVSS · 7.1 AI score · 0.00848 EPSS
Exploits 0 · References 3
OpenVAS
added 2021/01/13 12:00 a.m. · 19 views

Fedora: Security Advisory for roundcubemail (FEDORA-2021-73359af51c)

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)

6.1 CVSS · 6.8 AI score · 0.32823 EPSS
Exploits 1 · References 4
UbuntuCve
added 2021/01/12 12:00 a.m. · 69 views

CVE-2020-28374

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a...

8.1 CVSS · 6.7 AI score · 0.06563 EPSS
Exploits 0 · References 10
Veracode
added 2021/01/04 8:39 p.m. · 20 views

Arbitrary Code Execution

f2fs-tools is vulnerable to arbitrary code execution. The vulnerability exists through the file system checking functionality where a specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations...

7.8 CVSS · 3.2 AI score · 0.0173 EPSS
Exploits 1 · References 4 · Affected Software 1
NVD
added 2021/01/04 3:15 a.m. · 19 views

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

9.8 CVSS · 9.8 AI score · 0.75313 EPSS
Exploits 3 · References 5
CVE
added 2020/12/31 5:58 p.m. · 84 views

CVE-2020-11832

The CVE-2020-11832 entry concerns the Oppo charger code for SM8250_Q_Master: /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c, specifically the functions charging_limit_current_write and charging_limit_time_write. The issue is that parameters are not validated, creating a vulnerab...

5.5 CVSS · 5.5 AI score · 0.00324 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2020/12/28 12:00 a.m. · 6 views

PT-2020-17118 · Dhowden · Dhowden Tag

Name of the Vulnerable Software and Affected Versions: dhowden tag versions before 0.0.0-20201120070457-d52dcb253c63; dhowden tag versions before 2020-11-19. Description: The issue is due to improper bounds checking in a number of methods, which can trigger a panic via readPICFrame, readAPICFrame, ...

6.5 CVSS · 6.2 AI score · 0.0112 EPSS
Exploits 4 · References 22
Positive Technologies
added 2020/12/28 12:00 a.m. · 5 views

PT-2020-17121 · Dhowden · Dhowden

Name of the Vulnerable Software and Affected Versions: dhowden tag versions prior to 0.0.0-20201120070457-d52dcb253c63. Description: The issue is due to improper bounds checking in several methods, which can trigger a panic via readAtomData or readAPICFrame due to attempted out-of-bounds reads. If...

6.5 CVSS · 6.3 AI score · 0.0112 EPSS
Exploits 4 · References 22
NVD
added 2020/12/26 4:15 a.m. · 31 views

CVE-2020-20412

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...

6.5 CVSS · 7.3 AI score · 0.01028 EPSS
Exploits 1 · References 1
OSV
added 2020/12/26 4:15 a.m. · 3 views

CVE-2020-20412

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...

6.5 CVSS · 6.9 AI score
Exploits 0 · References 1
Prion
added 2020/12/26 4:15 a.m. · 38 views

Design/Logic Flaw

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...

4.3 CVSS · 7.6 AI score · 0.12054 EPSS
Exploits 1 · References 1 · Affected Software 2
Cvelist
added 2020/12/26 12:00 a.m. · 30 views

CVE-2020-20412

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...

8.1 AI score · 0.01028 EPSS
Exploits 1 · References 1
CVE
added 2020/12/26 12:00 a.m. · 122 views

CVE-2020-20412

CVE-2018-5146 corresponds to an out-of-bounds memory write in libvorbis Vorbis audio processing. Documentation shows this affects libvorbis builds and was fixed upstream by updating in the 1.3.6 series (vuln exists in libvorbis before 1.3.6, as used by affected products). Root cause is insufficie...

6.5 CVSS · 7.4 AI score · 0.01028 EPSS
Exploits 1 · References 1 · Affected Software 2