What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-05-28 11:15:07 | CVE-2020-35505 (lien direct) | A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-28 11:15:07 | CVE-2020-35504 (lien direct) | A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-28 11:15:07 | CVE-2020-27847 (lien direct) | A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0. | Vulnerability Threat | ||
|
2021-05-28 11:15:07 | CVE-2020-25715 (lien direct) | A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity. | Vulnerability Threat | ||
|
2021-05-28 11:15:07 | CVE-2020-25710 (lien direct) | A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-28 11:15:07 | CVE-2021-20237 (lien direct) | An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-27 20:15:07 | CVE-2020-14387 (lien direct) | A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4. | Vulnerability Threat | ||
|
2021-05-27 20:15:07 | CVE-2020-14328 (lien direct) | A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality. | Vulnerability Threat Guideline | ||
|
2021-05-27 20:15:07 | CVE-2020-14329 (lien direct) | A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality. | Vulnerability Threat | ||
|
2021-05-27 19:15:07 | CVE-2020-12403 (lien direct) | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. | Vulnerability Threat | ||
|
2021-05-27 19:15:07 | CVE-2020-10774 (lien direct) | A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. | Vulnerability Threat | ||
|
2021-05-27 19:15:07 | CVE-2020-10729 (lien direct) | A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6. | Vulnerability Threat | ||
|
2021-05-27 14:15:07 | CVE-2020-27832 (lien direct) | A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | Vulnerability Threat | ||
|
2021-05-27 00:15:08 | CVE-2021-3509 (lien direct) | A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability. | Threat | ||
|
2021-05-26 22:15:08 | CVE-2021-3561 (lien direct) | An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. | Vulnerability Threat | ||
|
2021-05-26 22:15:07 | CVE-2020-27839 (lien direct) | A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | Vulnerability Threat | ||
|
2021-05-26 22:15:07 | CVE-2021-20196 (lien direct) | A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-26 21:15:08 | CVE-2021-20297 (lien direct) | A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-26 21:15:08 | CVE-2020-25724 (lien direct) | A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected. | Vulnerability Threat | ||
|
2021-05-26 21:15:08 | CVE-2021-3549 (lien direct) | An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. | Vulnerability Threat | ||
|
2021-05-26 21:15:08 | CVE-2021-20191 (lien direct) | A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. | Vulnerability Threat | ||
|
2021-05-26 13:15:07 | CVE-2020-27815 (lien direct) | A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | Vulnerability Threat | ||
|
2021-05-26 12:15:18 | CVE-2021-20178 (lien direct) | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. | Vulnerability Threat | ||
|
2021-05-24 19:15:07 | CVE-2020-20178 (lien direct) | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-24 12:15:07 | CVE-2021-3559 (lien direct) | A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ★★★★ | |
|
2021-05-21 17:15:08 | CVE-2020-36330 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | Vulnerability Threat | ||
|
2021-05-21 17:15:08 | CVE-2018-25009 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. | Vulnerability Threat | ||
|
2021-05-21 17:15:08 | CVE-2018-25010 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. | Vulnerability Threat | ||
|
2021-05-21 17:15:08 | CVE-2018-25011 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Vulnerability Threat | ||
|
2021-05-21 17:15:08 | CVE-2018-25014 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Vulnerability Threat | ||
|
2021-05-21 17:15:08 | CVE-2018-25012 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. | Vulnerability Threat | ||
|
2021-05-21 17:15:08 | CVE-2018-25013 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. | Vulnerability Threat | ||
|
2021-05-21 17:15:08 | CVE-2020-36328 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Vulnerability Threat | ||
|
2021-05-21 17:15:08 | CVE-2020-36329 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Vulnerability Threat | ||
|
2021-05-21 17:15:08 | CVE-2020-36332 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | Vulnerability Threat | ||
|
2021-05-21 17:15:08 | CVE-2020-36331 (lien direct) | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | Vulnerability Threat | ||
|
2021-05-20 13:15:07 | CVE-2021-3480 (lien direct) | A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-19 14:15:07 | CVE-2021-3421 (lien direct) | A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha. | Vulnerability Threat | ||
|
2021-05-18 12:15:08 | CVE-2021-3531 (lien direct) | A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. | Threat | ||
|
2021-05-18 12:15:07 | CVE-2020-25709 (lien direct) | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-17 12:15:07 | CVE-2021-3483 (lien direct) | A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected | Vulnerability Threat Guideline | ||
|
2021-05-14 21:15:07 | CVE-2020-27833 (lien direct) | A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions up to and including openshift-clients-4.7.0-202104250659.p0.git.95881af are affected. | Vulnerability Threat | ||
|
2021-05-14 20:15:16 | CVE-2021-3537 (lien direct) | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-13 16:15:07 | CVE-2021-20181 (lien direct) | A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. | Vulnerability Threat | ||
|
2021-05-13 15:15:07 | CVE-2020-27823 (lien direct) | A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | Vulnerability Threat | ||
|
2021-05-13 14:15:17 | CVE-2020-27824 (lien direct) | A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. | Vulnerability Threat | ||
|
2021-05-13 14:15:17 | CVE-2021-20250 (lien direct) | A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality. | Vulnerability Threat Guideline | ||
|
2021-05-13 14:15:17 | CVE-2020-14354 (lien direct) | A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability. | Vulnerability Threat | ||
|
2021-05-12 15:15:07 | CVE-2021-20202 (lien direct) | A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity. | Vulnerability Threat | ||
|
2021-05-12 15:15:07 | CVE-2020-27840 (lien direct) | A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability. | Vulnerability Threat |
To see everything:
Our RSS (filtrered)
