6350 matches found

Fedora
added 2021/03/01 5:2 p.m. | 55 views

[SECURITY] Fedora 33 Update: ansible-2.9.18-1.fc33

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 7.5 | AI score 3.3 | EPSS 0.02043
Exploits 0
OSV
added 2021/03/01 11:2 a.m. | 2 views

SUSE-SU-2021:0658-1 Security update for rpmlint

This update for rpmlint fixes the following issues: Whitelist PAM modules and DBUS rules for cockpit (bsc#1169614)...

AI score 7.2
Exploits 0 | References 2
Tenable Nessus
added 2021/03/01 12:0 a.m. | 15 views

SUSE SLED15 / SLES15 Security Update : rpmlint (SUSE-SU-2021:0597-1)

This update for rpmlint fixes the following issues: Whitelist PAM modules and DBUS rules for cockpit (bsc#1169614). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as...

AI score 5.5
Exploits 0 | References 2
PyPA
added 2021/02/27 5:15 a.m. | 5 views

PYSEC-2021-50

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...

CVSS 9.8 | AI score 7 | EPSS 0.72945
Exploits 5 | References 9 | Affected Software 1
OSV
added 2021/02/27 5:15 a.m. | 3 views

UBUNTU-CVE-2020-35662

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated...

CVSS 7.4 | AI score 7.1 | EPSS 0.02954
Exploits 0 | References 4
Vulnrichment
added 2021/02/27 12:0 a.m. | 23 views

CVE-2021-25281

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...

AI score 6.7 | EPSS 0.72945
Exploits 5 | References 11
Cvelist
added 2021/02/27 12:0 a.m. | 19 views

CVE-2021-25281

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...

AI score 9.6 | EPSS 0.72945
Exploits 5 | References 11
Debian CVE
added 2021/02/27 12:0 a.m. | 24 views

CVE-2021-25281

Removed by vendor...

CVSS 9.8 | AI score 9.2 | EPSS 0.72945
Exploits 5
OSV
added 2021/02/26 2:15 p.m. | 6 views

CVE-2020-26200

A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES)...

CVSS 6.8 | AI score 6.9 | EPSS 0.00231
Exploits 0 | References 2
Prion
added 2021/02/26 2:15 p.m. | 23 views

Design/Logic Flaw

A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES)...

CVSS 4.6 | AI score 6.5 | EPSS 0.00231
Exploits 0 | References 2 | Affected Software 2
OSV
added 2021/02/25 9:27 a.m. | 3 views

SUSE-SU-2021:0597-1 Security update for rpmlint

This update for rpmlint fixes the following issues: Whitelist PAM modules and DBUS rules for cockpit (bsc#1169614)...

AI score 7.2
Exploits 0 | References 2
RedHat Linux
added 2021/02/24 5:47 p.m. | 3 views

ansible: multiple modules expose secured values

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...

CVSS 5.5 | AI score 6.8 | EPSS 0.00347
Exploits 0 | References 4
NVD
added 2021/02/22 7:15 a.m. | 17 views

CVE-2020-11147

Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...

CVSS 6.7 | EPSS 0.00152
Exploits 0 | References 1
Prion
added 2021/02/22 7:15 a.m. | 20 views

Design/Logic Flaw

Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...

CVSS 4.6 | AI score 7 | EPSS 0.00152
Exploits 0 | References 1
CVE
added 2021/02/22 6:25 a.m. | 87 views

CVE-2020-11147

CVE-2020-11147 affects Snapdragon Compute, Snapdragon Industrial IOT, and Snapdragon Mobile: a use-after-free in audio modules caused by incorrect macro usage during list iteration when removing/freeing objects. Root cause is the macro misuse leading to freeing objects while iterating. Documented...

CVSS 6.7 | AI score 7 | EPSS 0.00152
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/02/22 6:25 a.m. | 30 views

CVE-2020-11147

Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...

AI score 7 | EPSS 0.00152
Exploits 0 | References 1
Prion
added 2021/02/17 2:15 p.m. | 20 views

Heap overflow

Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 4.6 | AI score 6.9 | EPSS 0.00267
Exploits 0 | References 1 | Affected Software 1
Prion
added 2021/02/17 2:15 p.m. | 16 views

Cross site scripting

Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 4.6 | AI score 7.7 | EPSS 0.00264
Exploits 0 | References 1 | Affected Software 1
Prion
added 2021/02/17 2:15 p.m. | 14 views

Input validation

Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 4.6 | AI score 7.7 | EPSS 0.00264
Exploits 0 | References 1 | Affected Software 1
CVE
added 2021/02/17 1:56 p.m. | 45 views

CVE-2020-12376

CVE-2020-12376 affects Intel® Server Boards, Server Systems and Compute Modules BMC firmware. The issue is use of a hard-coded key in firmware before version 2.47, potentially enabling information disclosure via local access by an authenticated user. Intel’s advisory Intel‑SA‑00434 confirms the v...

CVSS 5.5 | AI score 5.2 | EPSS 0.00236
Exploits 0 | References 1 | Affected Software 1