Amazon Linux 2 : kernel (ALAS-2021-1588)

The version of kernel installed on the remote host is prior to 4.14.214-160.339. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1588 advisory. In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making...

openSUSE Security Update : the Linux Kernel (openSUSE-2021-60)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2020-27835: A use after free in the Linux kernel infiniband hfi1 driver was found in the way user calls Ioctl after open dev file and fork. A local user could use thi...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

CVE-2021-2058

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

UBUNTU-CVE-2021-2058

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2021-04804)

Oracle MySQL is an open source relational database management system.MySQL Server mysqld is the MySQL server, the main program that performs most of the work in a MySQL installation. An unspecified vulnerability exists in the Server: Locking component of Oracle MySQL Server 8.0.22 and earlier. An...

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the...

Oracle MySQL 访问控制错误漏洞

Oracle MySQL is an open source relational database management system.MySQL Server mysqld is the MySQL server, the main program that performs most of the work in a MySQL installation. An unspecified vulnerability exists in the Server: Locking component of Oracle MySQL Server 8.0.22 and earlier. An...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-1079)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-28374: Fixed a Linux SCSI target issue bsc1178372. CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver bsc1180559...

SUSE-SU-2021:0096-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0444: Fixed a bad kfree due to a logic error in auditdatatoentry bnc1180027. - CVE-2020-0465: Fixed multiple missing bounds checks in...

SUSE-SU-2021:0095-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver bsc1180559. - CVE-2020-27825: Fixed a race in the traceopen and buffer...

CVE-2020-17503

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in splitcardcmd.php in which the http parameter "lockin...

Linux TIOCSPGRP Broken Locking Exploit

Linux: Broken locking in TIOCSPGRP leads to corrupted tty-pgrp refcount tiocspgrp, the handler for the TIOCSPGRP ioctl, has the following signature: static int tiocspgrpstruct ttystruct tty, struct ttystruct realtty, pidt user p It receives two ttystruct pointers because, for PTY pairs, userspace...

mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

RHEL 8 : mariadb:10.3 (RHSA-2020:5665)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5665 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded ...

Linux TIOCSPGRP Broken Locking

Linux: Broken locking in TIOCSPGRP leads to corrupted tty-pgrp refcount tiocspgrp, the handler for the TIOCSPGRP ioctl, has the following signature: static int tiocspgrpstruct ttystruct tty, struct ttystruct realtty, pidt user p It receives two ttystruct pointers because, for PTY pairs, userspace...