Lucene search
+L

9048 matches found

RedHat Linux
RedHat Linux
added 2020/09/30 1:13 p.m.4 views

foreman: unauthorized cache read on RPM-based installations through local user

A flaw was found in Red Hat Satellite. An attacker could gain access to cache files further allowing access to cached credentials that could help the attacker to gain complete control of the Satellite instance. The highest threat from this vulnerability is to data confidentiality and integrity as...

8.8CVSS7.3AI score0.00315EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/30 7:7 a.m.4 views

squid: Request smuggling and poisoning attack against the HTTP cache

A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTPS request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from thi...

9.9CVSS5.7AI score0.05706EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/29 10:31 p.m.6 views

kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver

A use-after-free flaw was found in the acmprobe USB subsystem in the Linux kernel. A race condition occurs when a destroy procedure is initiated allowing the refcount to decrement on the interface so early that it is never under counted. A malicious USB device is required for exploit. System...

4.9CVSS7.1AI score0.00426EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/09/29 7:0 p.m.4 views

kernel: out-of-bounds write via crafted keycode table

An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat fro...

7.2CVSS6.7AI score0.00384EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/09/29 2:41 p.m.24 views

CVE-2020-14374

A flaw was found in dpdk. A flawed bounds checking in the copydata function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhostcrypto application. The highest threat from this vulnerability is to data confidentiality and integri...

8.8CVSS3.5AI score0.00429EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/09/28 3:0 p.m.26 views

CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validate...

7.8CVSS7AI score0.0025EPSS
Exploits0References2
OSV
OSV
added 2020/09/28 3:0 p.m.4 views

UBUNTU-CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validate...

7.8CVSS7AI score0.0025EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2020/09/25 1:50 p.m.10 views

[Podcast] How Entrepreneur Christian Wentz Takes On Identity Authentication and Data Integrity One Line of Code at a Time

!\Podcast\ How Entrepreneur Christian Wentz Takes On Identity Authentication and Data Integrity One Line of Code at a Timehttps://blog.rapid7.com/content/images/2020/09/-Podcast--How-Entrepreneur-Christian-Wentz-Takes-On-Identity-Authentication-and-Data-Integrity-One-Line-of-Code-at-a-Time-2.jpg ...

7AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/09/25 7:0 a.m.2 views

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

...

7.8CVSS7AI score0.01308EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2020/09/25 12:0 a.m.55 views

CVE-2020-14351

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integri...

7.8CVSS6.7AI score0.00302EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2020/09/24 10:46 a.m.30 views

CVE-2020-25559

A flaw was found in gnuplot. A double free memory issue when executing printsetoutput may result in context-dependent arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS3.4AI score0.01564EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2020/09/24 12:0 a.m.7 views

The vulnerability of the Naver Whale web browser installer allows a hacker to gain unauthorized access to protected information or compromise the integrity of data.

The vulnerability of the Naver Whale web browser installer is related to improper verification of the cryptographic signature. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or compromise the integrity of the data...

9.4CVSS7.7AI score0.01067EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2020/09/23 4:12 p.m.5 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References6
RedHat Linux
RedHat Linux
added 2020/09/23 4:12 p.m.15 views

nodejs-lodash: prototype pollution in zipObjectDeep function

A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability...

7.4CVSS7AI score0.05213EPSS
Exploits1References6
OSV
OSV
added 2020/09/23 1:15 p.m.20 views

CVE-2020-10714

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

7.5CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2020/09/23 1:15 p.m.14 views

Session fixation

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

5.1CVSS8.3AI score0.01454EPSS
Exploits0References2Affected Software5
Cvelist
Cvelist
added 2020/09/23 12:28 p.m.26 views

CVE-2020-10714

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

8.4AI score0.01454EPSS
Exploits0References2
Veracode
Veracode
added 2020/09/21 6:28 a.m.36 views

Privilege Escalation

Linux kernel is vulnerable to privilege escalation. A memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity...

7.8CVSS3.5AI score0.01308EPSS
Exploits1References13Affected Software5
Positive Technologies
Positive Technologies
added 2020/09/20 12:0 a.m.5 views

PT-2021-3604 · Red Hat +5 · Red Hat Ceph Storage Radosgw +5

Name of the Vulnerable Software and Affected Versions: Red Hat Ceph Storage RadosGW Ceph Object Gateway versions prior to 14.2.21 Description: A flaw was found in the Red Hat Ceph Storage RadosGW related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the...

9.8CVSS6.3AI score0.0461EPSS
Exploits2References103
Positive Technologies
Positive Technologies
added 2020/09/20 12:0 a.m.4 views

PT-2021-5763

Name of the Vulnerable Software and Affected Versions ceph versions prior to 14.2.20 Description The issue is related to a flaw in the authentication procedure of the ceph storage network, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and caus...

7.8CVSS6.6AI score0.27477EPSS
Exploits14References81
Rows per page
Query Builder