A vulnerability in Apache POI, the Java library for reading and writing MS Office documents, related to executing a loop with an unreachable exit condition, allows attackers to cause service failures.
The vulnerability in Apache POI, the Java library for reading and writing MS Office documents, is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
CVE-2021-22300
There is an information leak vulnerability in eCNS280TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods...
kernel security, bug fix, and enhancement update
3.10.0-1160.15.2.OL7 - Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64 = 15-2.0.3 3.10.0-1160.15.2 - fs nfs: Fix...
EulerOS 2.0 SP8 : gssproxy (EulerOS-SA-2021-1145)
According to the version of the gssproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gssproxy aka gss-proxy before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main in gp_workers.c. NOTE: An upstream comment states...
CVE-2020-12658
gssproxy aka gss-proxy before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional...
Authorities Take Down World's Largest Illegal Dark Web Marketplace
Europol on Tuesday said it shut down DarkMarket, the world's largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.'s National Crime Agency NCA, and the U.S. Federal Bureau of Investigation FBI. At the...
DEBIAN-CVE-2020-12658
gssproxy aka gss-proxy before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional...
Code injection
gssproxy aka gss-proxy before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional...
Amazon Linux AMI : bind (ALAS-2020-1457) (deprecated)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1457 advisory. - In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supporte...
A vulnerability in the iov_iter_copy_from_user_atomic() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability in the iov_iter_copy_from_user_atomic() function in the Linux operating system is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to cause a service failure...
SUSE SLED15 / SLES15 Security Update : gdm (SUSE-SU-2020:3333-1)
This update for gdm fixes the following issues : Exit with failure if loading existing users fails bsc1178150 CVE-2020-16125. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and...
Heap overflow
WriteOnePNGImage from coders/png.c the PNG coder has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times,...
CVE-2020-25674
WriteOnePNGImage from coders/png.c the PNG coder has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times,...
Oracle Linux 8 : bind (ELSA-2020-4500)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4500 advisory. - Fix tsig-request verify CVE-2020-8622 - Prevent PKCS11 daemon crash on crafted packet CVE-2020-8623 - Correct update-policy type subdomain to match...
PT-2020-16343 · Teler · Teler
Name of the Vulnerable Software and Affected Versions: teler versions prior to 0.0.1 Description: The issue causes a denial-of-service SIGSEGV when teler is run inside a Docker container and encounters the errors.Exit function. This is because it doesn't get the process ID and process group ID of...
EulerOS 2.0 SP2 : ntp (EulerOS-SA-2020-2374)
According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging a...
The vulnerability of the Apache Tomcat application server arises from the execution of a loop with an unreachable exit condition, allowing attackers to cause service failures.
The vulnerability of the Apache Tomcat application server is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...