6350 matches found
[SECURITY] Fedora 33 Update: ansible-2.9.18-1.fc33
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
SUSE-SU-2021:0658-1 Security update for rpmlint
This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit bsc1169614...
SUSE SLED15 / SLES15 Security Update : rpmlint (SUSE-SU-2021:0597-1)
This update for rpmlint fixes the following issues : Whitelist PAM modules and DBUS rules for cockpit bsc1169614 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as...
PYSEC-2021-50
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...
UBUNTU-CVE-2020-35662
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated...
CVE-2021-25281
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...
CVE-2021-25281
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...
CVE-2021-25281
Removed by vendor...
CVE-2020-26200
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk KRD and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security KES...
Design/Logic Flaw
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk KRD and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security KES...
SUSE-SU-2021:0597-1 Security update for rpmlint
This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit bsc1169614...
ansible: multiple modules expose secured values
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by nolog feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...
CVE-2020-11147
Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...
Design/Logic Flaw
Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...
CVE-2020-11147
CVE-2020-11147 affects Snapdragon Compute, Snapdragon Industrial IOT, and Snapdragon Mobile: a use-after-free in audio modules caused by incorrect macro usage during list iteration when removing/freeing objects. Root cause is the macro misuse leading to freeing objects while iterating. Documented...
CVE-2020-11147
Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...
Heap overflow
Heap overflow in the BMC firmware for some IntelR Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...
Cross site scripting
Out of bounds read in the BMC firmware for some IntelR Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...
Input validation
Insufficient input validation in the BMC firmware for some IntelR Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2020-12376
CVE-2020-12376 affects Intel® Server Boards, Server Systems and Compute Modules BMC firmware. The issue is use of a hard-coded key in firmware before version 2.47, potentially enabling information disclosure via local access by an authenticated user. Intel’s advisory Intel‑SA‑00434 confirms the v...