CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2020/09/16 7:15 p.m.•23 views

CVE-2020-10718

7.5CVSS6.5AI score

Cvelist•added 2020/09/16 6:6 p.m.•22 views

CVE-2020-10718

8.4AI score0.01435EPSS

Positive Technologies•added 2020/09/16 12:0 a.m.•2 views

PT-2020-12297 · Red Hat · Wildfly

Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 13.0.0.Final Description: A flaw was found in the embedded managed process API, where the Thread Context Classloader TCCL setting is exposed as a public method. This exposure can bypass the security manager, posing a...

7.5CVSS6.7AI score0.01435EPSS

Exploits0References5

0day.today•added 2020/09/14 12:0 a.m.•39 views

Linux expand_downwards() / munmap() Race Condition Exploit

Linux =4.20: expanddownwards can race with munmap page table freeing Since 4.20, domunmap downgrades the mmapsem from write-locked to read-locked after detaching the VMAs from the mmstruct, but before dropping references to pages and freeing page tables. This ought to be safe because VMA tree...

7.4AI score

Exploits0

ossfuzz•added 2020/09/09 3:39 a.m.•19 views

libsndfile:sndfile_fuzzer: Nested bug in the same thread, aborting. with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5087344745775104 Project: libsndfile Fuzzing Engine: libFuzzer Fuzz Target: sndfilefuzzer Job Type: libfuzzermsanlibsndfile Platform Id: linux Crash Type: Nested bug in the same thread, aborting. Crash Address: Crash State: NULL Sanitizer: memory...

6.8AI score

Exploits0Affected Software1

RedHat Linux•added 2020/09/07 1:5 p.m.•2 views

wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API

A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...

RedHat Linux•added 2020/09/07 12:58 p.m.•5 views

wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API

RedHat Linux•added 2020/09/07 12:57 p.m.•2 views

wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API

RedHat Linux•added 2020/09/02 9:47 a.m.•4 views

wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API

Positive Technologies•added 2020/09/02 12:0 a.m.•7 views

PT-2021-12654 · Freebsd +1 · Freebsd +2

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 11.3-RELEASE through 11.3-RELEASE before p13 FreeBSD versions 11.4-RELEASE through 11.4-RELEASE before p3 FreeBSD versions 12.1-RELEASE through 12.1-RELEASE before p9 FreeBSD versions 11.4-STABLE through 11.4-STABLE before...

5.5CVSS5.1AI score0.00399EPSS

Exploits0References21

RustSec•added 2020/08/25 12:0 p.m.•19 views

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

arr crate contains multiple security issues. Specifically, 1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary. 2. Index and IndexMut implementation does not check the array bound. 3. Array::newfromtemplate drops uninitialized memo...

9.8CVSS3.6AI score0.01515EPSS

Exploits0

CNVD•added 2020/08/21 12:0 a.m.•2 views

Zulip Server Reverse Tag Kidnapping Vulnerability

Zulip is a powerful open source group chat application that combines the immediacy of live chat with the productivity benefits of threaded conversations.Zulip Server is the Zulip server. A reverse tag kidnapping vulnerability exists in Zulip Server versions prior to 2.1.5. An attacker can exploit...

5.8CVSS6.7AI score0.00685EPSS

RedHat Linux•added 2020/08/17 1:28 p.m.•3 views

wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API

RedHat Linux•added 2020/08/17 1:28 p.m.•3 views

wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API