206321 matches found
CVE-2021-21779
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this...
CVE-2021-3594
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udpinput function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or...
CVE-2021-3586
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as wel...
CVE-2021-31957
A flaw was found in dotnet. The way client disconnects are handled can allow a remote, unauthenticated attacker to exploit this vulnerability to cause a denial of service against an ASP.NET Core application. The highest threat from this vulnerability is to system availability...
CVE-2020-28407
A flaw was found in swtpm. This flaw allows an attacker to create a symbolic link with the name of the temporary file TMP2-00.permall for TPM 2 and have this point to a valuable file, which will get overwritten by swtpm. The success of the attack depends on the attacker having access to the TPM's...
CVE-2021-25737
A security issue was discovered in Kubernetes where an authorized user may be able to redirect traffic to private networks on a Node. An untrusted user could exploit this by creating or modifying EndpointSlices to point to localhost or link-local addresses. Mitigation Prevent untrusted users from...
CVE-2019-25040
A flaw was found in unbound. An infinite loop in dnamepktcopy function could be triggered by a remote attacker. The highest threat from this vulnerability is to service availability...
CVE-2021-3494
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...
CVE-2021-20295
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 https://access.redhat.com/errata/RHSA-2020:4676 erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in...
CVE-2021-20277
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability...
CVE-2021-27358
A flaw was found in Grafana. The snapshot feature allows unauthenticated remote attackers to trigger a denial of service DoS via a remote API call if anonymous access is enabled. The highest threat from this vulnerability is to system availability...
CVE-2021-27291
A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denyin...
CVE-2021-27363
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system. Mitigation The LIBISCSI module will be auto-loaded when...
CVE-2021-20270
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword...
CVE-2020-25715
A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting XSS attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity. Mitigation Because the...
CVE-2021-26701
A remote code execution vulnerability was found in dotnet in the System.Text.Encodings.Web package, caused by a buffer overrun. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2020-24504
An uncontrolled resource consumption in some IntelR Ethernet E810 Adapter drivers for Linux may allow an authenticated user to potentially cause a denial of service via local access...
CVE-2020-35513
A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...
CVE-2020-36188
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...
CVE-2020-29363
An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CKATTRIBUTE, the receiving entity may not...
CVE-2020-28912
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...
CVE-2020-25671
A use-after-free flaw was found in the Linux kernel’s NFC LLCP protocol implementation in the way the user triggers the llcpsockconnect function. This flaw allows a local user to crash the system...
CVE-2020-15157
A flaw was found in containerd. Credentials may be leaked during an image pull...
CVE-2020-8565
A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. Previously, CVE-2019-11250 was assigned for the same issue for logging...
CVE-2017-10388
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
CVE-2020-26137
A flaw was found in python-urllib3. The HTTPConnection.request does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrit...
CVE-2020-25212
A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation. Mitigation While there is no known mitigation to this flaw, configuring authenticati...
CVE-2019-8720
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Mitigation Red Hat has investigated whether possible mitigation exists fo...
CVE-2019-8815
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary...
CVE-2019-8808
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2020-24553
A flaw was found in the Go standard library packages before upstream versions 1.15 and 1.14.8. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". This flaw allows an attacker to exploit this issue in...
CVE-2020-0305
A use-after-free flaw was found in the way the Linux kernel's filesystem subsystem handled a race condition in the chrdevopen function. This flaw allows a privileged local user to starve the resources, causing a denial of service or potentially escalating their privileges. The highest threat from...
CVE-2020-14305
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this...
CVE-2020-12114
A flaw was found in the Linux kernel’s implementation of the pivotroot syscall. This flaw allows a local privileged user root outside or root inside a privileged container to exploit a race condition to manipulate the reference count of the root filesystem. To be able to abuse this flaw, the...
CVE-2020-13143
gadgetdevdescUDCstore in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4...
CVE-2020-13754
An out-of-bounds access flaw was found in the Message Signalled Interrupt MSI-X device support of QEMU. This issue occurs while performing MSI-X mmio operations when a guest sent address goes beyond the mmio region. A guest user or process may use this flaw to crash the QEMU process resulting in ...
CVE-2020-7608
A vulnerability was found in nodesjs-yargs-parser, where it can be tricked into adding or modifying properties of the Object.prototype using a "proto" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2020-11608
A flaw was found in the way the ov519 driver in the Linux kernel handled certain types of USB descriptors. This flaw allows an attacker with the ability to induce the error conditions to crash the system. Mitigation In order to mitigate this issue it is possible to prevent the affected code from...
CVE-2019-11833
A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem...
CVE-2020-10728
A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerabilit...
CVE-2019-14901
A heap overflow flaw was found in the Linux kernel's Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If cod...
CVE-2019-14821
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvmcoalescedmmio' object, wherein write indices 'ring-first' and 'ring-last' value could be supplied by a host user-space...
CVE-2020-8428
A flaw was found in the Linux kernel. The maycreateinsticky in fs/namei.c function has a possible use-after-free which can allow a local user to cause a denial of service OOPS or possibly obtain sensitive information from kernel memory. The highest threat from this vulnerability is to system...
CVE-2019-11487
A flaw was found in the Linux kernel's implementation of the FUSE filesystem, where it allows a page reference counter overflow. If a page reference counter overflows into a negative value, it can be placed back into the "free" list for reuse by other applications. This flaw allows a local attack...
CVE-2018-9568
A possible memory corruption due to a type confusion was found in the Linux kernel in the skclonelock function in the net/core/sock.c. The possibility of local escalation of privileges cannot be fully ruled out for a local unprivileged attacker. Mitigation The currently known attack vector uses...
CVE-2018-19665
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption...
CVE-2019-0980
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981...
CVE-2019-20382
A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon disconnection,...
CVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...
CVE-2020-1749
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...