Remote Code Execution

chakracore is vulnerable to remote code execution. A previous MSRC fix removes the body scope of an enclosing function when a nested function is declared in the param scope of that enclosing function. This results in an incorrect calculation of envIndex for any symbols captured from enclosing...

Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2020-1585)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 : kernel (ELSA-2020-2102)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2102 advisory. - net netlabel: cope with NULL catmap Paolo Abeni 1827249 1827251 CVE-2020-10711 - mm s390/mm: fix page table upgrade vs 2ndary address mode accesses...

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

Updated openldap packages fix security vulnerabilities

Updated openldap packages fix security vulnerabilities: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service slapd crash via a member MODDN operation CVE-2017-17740. I...

Null pointer dereference

In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jailset configuration option "osrelease" may return more bytes with a subsequent jailget system call allowing a...

FreeBSD : nested filters leads to stack overflow (c7617931-8985-11ea-93ef-b42e99a1b9c3)

Howard Chu reports : nested filters leads to stack overflow C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2020 Jacques Vidrine and contributors Redistribution and use in source VuXML and...

CVE-2020-7453

In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jailset configuration option "osrelease" may return more bytes with a subsequent jailget system call allowing a...

CVE-2020-7453

Removed by vendor...

DEBIAN-CVE-2020-12243

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash...

CVE-2020-12243

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash...

ALPINE-CVE-2020-12243

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash...

Denial of service

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash...

UBUNTU-CVE-2020-12243

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash...

PT-2020-13069 · Openldap +6 · Openldap +6

Name of the Vulnerable Software and Affected Versions: OpenLDAP versions prior to 2.4.50 Description: The issue arises from LDAP search filters with nested boolean expressions, which can cause a denial of service daemon crash in the slapd component of OpenLDAP. Recommendations: For versions prior...

nested filters leads to stack overflow

Howard Chu reports: nested filters leads to stack overflow...

The vulnerability of the nested workers mechanism in browsers Firefox, Firefox ESR, and the email client Thunderbird lies in the use of memory areas after they are freed. This allows an attacker to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.

The vulnerability of the nested worker mechanism in browsers Firefox, Firefox ESR, and the email client Thunderbird relates to the use of memory areas after they are freed. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data, cause service failures...

Medium: kernel

Issue Overview: A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to...

Update that protects from internal URL port scanning is available for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Embedded Standard 7, Windows Server 2008 R2, Windows 8, Windows RT, and Windows Server 2012

Update that protects from internal URL port scanning is available for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Embedded Standard 7, Windows Server 2008 R2, Windows 8, Windows RT, and Windows Server 2012 Introduction This update is available for Windo...

MS15-081: Description of the security update for Word 2013: August 11, 2015

Resolves vulnerabilities in Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file.SummaryThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office...