redhat/enterprise_linux: The latest CVE Vulnerabilities and Exploits for Penetration Test
redhat/enterprise_linux Vulnerability Summary
- Vendor name: redhat
- Product name: enterprise_linux
- Total vulnerabilities: 2390 (as of 2023-05-04)
redhat/enterprise_linux Vulnerability List
CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in…
Published: 2022-02-04T23:15:00 Last Modified: 2022-02-09T20:00:00
Summary
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2022-0487 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2044561
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-4154: A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux…
Published: 2022-02-04T23:15:00 Last Modified: 2022-02-10T02:31:00
Summary
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel’s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-4154 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2034514
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b
CVE-2021-4034: A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec…
Published: 2022-01-28T20:15:00 Last Modified: 2022-01-31T17:50:00
Summary
A local privilege escalation vulnerability was found in polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn’t handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it’ll induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2021-4034 vulnerability.
References
- https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
- https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
- https://bugzilla.redhat.com/show_bug.cgi?id=2025869
- https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
CVE-2021-4145: A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to…
Published: 2022-01-25T20:15:00 Last Modified: 2022-02-01T15:03:00
Summary
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The self pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it’s not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when the written data reaches the threshold of the mirroring node.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-4145 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2034602
- https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd
CVE-2021-45417: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such…
Published: 2022-01-20T18:15:00 Last Modified: 2022-01-26T19:49:00
Summary
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-45417 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2022/01/20/3
- http://www.openwall.com/lists/oss-security/2022/01/20/3
- https://www.debian.org/security/2022/dsa-5051
- https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html
- https://www.ipi.fi/pipermail/aide/2022-January/001713.html
CVE-2022-21682: Flatpak is a Linux application sandboxing and distribution framework. A path traversal…
Published: 2022-01-13T21:15:00 Last Modified: 2022-02-10T07:52:00
Summary
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the manifest, so running flatpak build against it will gain those permissions. Normally this will not be done, so this is not a problem. However, if --mirror-screenshots-url is specified, then flatpak-builder will launch flatpak build --nofilesystem=host appstream-utils mirror-screenshots after finalization, which can lead to issues even with the --nofilesystem=host protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the appstream-util binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of --nofilesystem=home and --nofilesystem=host.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2022-21682 vulnerability.
References
- https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
- https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa
- https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APFTBYGJJVJPFVHRXUW5PII5XOAFI4KH/
- https://www.debian.org/security/2022/dsa-5049
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXKBERLJRYV7KXKGXOLI6IOXVBQNN4DP/
CVE-2021-43860: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3…
Published: 2022-01-12T22:15:00 Last Modified: 2022-02-10T15:03:00
Summary
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn’t properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there’s a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the “xa.metadata” key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the actual metadata, from the “metadata” file to ensure it wasn’t lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from before the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata.
Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions
CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-43860 vulnerability.
References
- https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee
- https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042
- https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
- https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
- https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
- https://github.com/flatpak/flatpak/commit/54ec1a482dfc668127eaae57f135e6a8e0bc52da
- https://github.com/flatpak/flatpak/releases/tag/1.12.3
- https://github.com/flatpak/flatpak/releases/tag/1.10.6
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APFTBYGJJVJPFVHRXUW5PII5XOAFI4KH/
- https://www.debian.org/security/2022/dsa-5049
CVE-2021-41819: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also…
Published: 2022-01-01T06:15:00 Last Modified: 2022-02-11T15:32:00
Summary
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
Common Weakness Enumeration (CWE): CWE-565: Reliance on Cookies without Validation and Integrity Checking
CWE Description: The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-41819 vulnerability.
References
- https://hackerone.com/reports/910552
- https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
- https://security.netapp.com/advisory/ntap-20220121-0003/
CVE-2021-41817: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of…
Published: 2022-01-01T05:15:00 Last Modified: 2022-01-11T21:31:00
Summary
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-41817 vulnerability.
References
- https://hackerone.com/reports/1254844
- https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
CVE-2021-4166: vim is vulnerable to Out-of-bounds Read
Published: 2021-12-25T19:15:00 Last Modified: 2022-02-04T15:45:00
Summary
vim is vulnerable to Out-of-bounds Read
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-4166 vulnerability.
References
- https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
- https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/
- http://www.openwall.com/lists/oss-security/2022/01/15/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/
CVE-2021-3621: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via…
Published: 2021-12-23T21:15:00 Last Modified: 2022-01-07T16:18:00
Summary
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
CWE Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3621 vulnerability.
References
CVE-2021-3622: A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted…
Published: 2021-12-23T21:15:00 Last Modified: 2022-01-10T13:37:00
Summary
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3622 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1975489
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USD4OEV6L3RPHE32V2MJ4JPFBODINWSU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S35TVTAPHORSUIFYNFBHKLQRPVFUPXBE/
- https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255
- https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html
CVE-2021-4024: A flaw was found in podman. The podman machine function (used to create and manage Podman…
Published: 2021-12-23T20:15:00 Last Modified: 2022-02-08T03:15:00
Summary
A flaw was found in podman. The podman machine function (used to create and manage a Podman virtual machine containing a Podman process) spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host’s firewall, an attacker can potentially use the gvproxy API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could also be used to interrupt the host’s services by forwarding all ports to the VM.
Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error
CWE Description: The software does not properly verify that the source of data or communication is valid.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-4024 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2026675
- https://github.com/containers/podman/releases/tag/v3.4.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3/
CVE-2021-45463: load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command…
Published: 2021-12-23T06:15:00 Last Modified: 2022-02-07T19:13:00
Summary
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-45463 vulnerability.
References
- https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b
- https://gitlab.gnome.org/GNOME/gegl/-/blob/master/docs/NEWS.adoc
- https://gitlab.gnome.org/GNOME/gimp/-/commit/e8a31ba4f2ce7e6bc34882dc27c97fba993f5868
- https://www.gimp.org/news/2021/12/21/gimp-2-10-30-released/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG635WJCNXHJM5U4BGMAAP4NK2YFTQXK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP5NDNOTMPI335FXE7VUPW7FXYTT7PYN/
- https://gitlab.gnome.org/GNOME/gegl/-/issues/298
CVE-2021-44733: A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through…
Published: 2021-12-22T17:15:00 Last Modified: 2022-01-14T07:15:00
Summary
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-44733 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c
- https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander@linaro.org/
- https://github.com/pjlantz/optee-qemu/blob/main/README.md
- https://security.netapp.com/advisory/ntap-20220114-0003/
CVE-2021-45078: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a…
Published: 2021-12-15T20:15:00 Last Modified: 2022-01-10T14:10:00
Summary
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-45078 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=28694
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/
- https://security.netapp.com/advisory/ntap-20220107-0002/
CVE-2021-4104: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has…
Published: 2021-12-14T12:15:00 Last Modified: 2022-02-07T16:16:00
Summary
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data
CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Scores
- Impact Score: 6.4
- Exploitability Score: 6.8
- CVSS: 6.0
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-4104 vulnerability.
References
- https://access.redhat.com/security/cve/CVE-2021-4104
- https://www.cve.org/CVERecord?id=CVE-2021-44228
- https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
- https://www.kb.cert.org/vuls/id/930724
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
- https://security.netapp.com/advisory/ntap-20211223-0007/
- http://www.openwall.com/lists/oss-security/2022/01/18/3
- https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in…
Published: 2021-12-08T22:15:00 Last Modified: 2022-01-04T16:09:00
Summary
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-4048 vulnerability.
References
- https://github.com/JuliaLang/julia/issues/42415
- https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41
- https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c
- https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7
- https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
- https://github.com/Reference-LAPACK/lapack/pull/625
- https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/
CVE-2021-3802: A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image…
Published: 2021-11-29T16:15:00 Last Modified: 2021-12-01T15:44:00
Summary
A vulnerability was found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB, leading to a kernel panic. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.9
- Exploitability Score: 6.8
- CVSS: 6.3
- CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3802 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2003649
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
CVE-2021-3672: A flaw was found in c-ares library, where a missing input validation check of host names returned…
Published: 2021-11-23T19:15:00 Last Modified: 2021-12-14T18:29:00
Summary
A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames, which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3672 vulnerability.
References
CVE-2021-3935: When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can…
Published: 2021-11-22T16:15:00 Last Modified: 2022-02-14T15:15:00
Summary
When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3935 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2021251
- http://www.pgbouncer.org/changelog.html#pgbouncer-116x
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI/
- https://lists.debian.org/debian-lts-announce/2022/02/msg00016.html
CVE-2021-43389: An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds…
Published: 2021-11-04T19:15:00 Last Modified: 2021-12-17T01:15:00
Summary
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-43389 vulnerability.
References
- https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/
- https://seclists.org/oss-sec/2021/q4/39
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15
- https://bugzilla.redhat.com/show_bug.cgi?id=2013180
- http://www.openwall.com/lists/oss-security/2021/11/05/1
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CVE-2021-3746: A flaw was found in the libtpms code that may cause access beyond the boundary of internal…
Published: 2021-10-19T15:15:00 Last Modified: 2021-10-22T20:28:00
Summary
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets, and the out-of-bounds access occurs when the TPM2’s volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3746 vulnerability.
References
CVE-2021-32672: Redis is an open source, in-memory database that persists on disk. When using the Redis Lua…
Published: 2021-10-04T18:15:00 Last Modified: 2021-11-28T23:16:00
Summary
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-32672 vulnerability.
References
- https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
- https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
- https://security.netapp.com/advisory/ntap-20211104-0003/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
- https://www.debian.org/security/2021/dsa-5001
CVE-2021-3653: A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs…
Published: 2021-09-29T20:15:00 Last Modified: 2022-01-06T20:15:00
Summary
A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the “int_ctl” field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 8.5
- Exploitability Score: 3.9
- CVSS: 6.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3653 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2021/08/16/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1983686
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
CVE-2021-39251: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <…
Published: 2021-09-07T15:15:00 Last Modified: 2021-11-29T21:29:00
Summary
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-39251 vulnerability.
References
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- https://bugzilla.redhat.com/show_bug.cgi?id=2001649
- http://www.openwall.com/lists/oss-security/2021/08/30/1
- https://github.com/tuxera/ntfs-3g/releases
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386
- https://www.debian.org/security/2021/dsa-4971
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
- https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
CVE-2021-33285: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the…
Published: 2021-09-07T14:15:00 Last Modified: 2021-11-29T21:36:00
Summary
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur, allowing memory disclosure or denial of service. The vulnerability is caused by an out-of-bounds buffer access which can be triggered by mounting a crafted NTFS partition. The root cause is a missing consistency check after reading an MFT record: the “bytes_in_use” field should be less than the “bytes_allocated” field. When it is not, the parsing of the records proceeds into the wild.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-33285 vulnerability.
References
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- https://bugzilla.redhat.com/show_bug.cgi?id=2001608
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386
- https://www.openwall.com/lists/oss-security/2021/08/30/1
- http://www.openwall.com/lists/oss-security/2021/08/30/1
- https://www.debian.org/security/2021/dsa-4971
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
- https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
CVE-2021-3634: A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two…
Published: 2021-08-31T17:15:00 Last Modified: 2022-02-07T16:16:00
Summary
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after a key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers shared a single length variable, which worked as long as the buffers were the same size. But the key re-exchange operation can also change the key exchange method, which can be based on a hash of a different size, eventually creating a “secret_hash” of a different size than the session_id. This becomes an issue when the session_id memory is zeroed or when it is used again during a second key re-exchange.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3634 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1978810
- https://www.debian.org/security/2021/dsa-4965
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/
- https://security.netapp.com/advisory/ntap-20211004-0003/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/
- https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2021-40153: squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory…
Published: 2021-08-27T15:15:00 Last Modified: 2021-10-07T17:48:00
Summary
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-40153 vulnerability.
References
- https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
- https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646
- https://github.com/plougher/squashfs-tools/issues/72
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/
- https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html
- https://www.debian.org/security/2021/dsa-4967
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/
CVE-2021-3605: There’s a flaw in OpenEXR’s rleUncompress functionality in versions prior to 3.0.5. An attacker…
Published: 2021-08-25T19:15:00 Last Modified: 2021-09-01T02:04:00
Summary
There’s a flaw in OpenEXR’s rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3605 vulnerability.
References
CVE-2021-3573: A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found…
Published: 2021-08-13T14:15:00 Last Modified: 2021-08-24T19:21:00
Summary
A use-after-free in the function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls the ioctl HCIUNBLOCKADDR, or otherwise triggers a race condition between the call hci_unregister_dev() and one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3573 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1966578
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52
- https://www.openwall.com/lists/oss-security/2021/06/08/2
CVE-2021-3635: A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A…
Published: 2021-08-13T14:15:00 Last Modified: 2021-08-23T20:33:00
Summary
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3635 vulnerability.
References
CVE-2021-20314: Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can…
Published: 2021-08-12T15:15:00 Last Modified: 2021-12-02T20:40:00
Summary
A stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20314 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1993070
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMSFT2NJDZ7PATRZSQPAOGSE7JD6ELOB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJRHPE5OSCPTNA3ZZ4ORDHT4JQH3Y4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y6T4HYXXSUQCGJB2ES6X7Q74YYF7V7XU/
CVE-2021-38160: ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data…
Published: 2021-08-07T04:15:00 Last Modified: 2022-01-01T17:58:00
Summary
** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-38160 vulnerability.
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46
- https://access.redhat.com/security/cve/cve-2021-38160
- https://security.netapp.com/advisory/ntap-20210902-0010/
- https://www.debian.org/security/2021/dsa-4978
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CVE-2021-3580: A flaw was found in the way nettle’s RSA decryption functions handled specially crafted…
Published: 2021-08-05T21:15:00 Last Modified: 2021-11-26T21:06:00
Summary
A flaw was found in the way nettle’s RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3580 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1967983
- https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html
- https://security.netapp.com/advisory/ntap-20211104-0006/
CVE-2021-3655: A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size…
Published: 2021-08-05T21:15:00 Last Modified: 2022-01-01T17:58:00
Summary
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
Common Weakness Enumeration (CWE): CWE-909: Missing Initialization of Resource
CWE Description: The software does not initialize a critical resource.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3655 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1984024
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CVE-2021-3682: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2….
Published: 2021-08-05T20:15:00 Last Modified: 2021-10-18T12:20:00
Summary
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
Common Weakness Enumeration (CWE): CWE-763: Release of Invalid Pointer or Reference
CWE Description: The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
Scores
- Impact Score: 6.4
- Exploitability Score: 6.8
- CVSS: 6.0
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3682 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1989651
- https://security.netapp.com/advisory/ntap-20210902-0006/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
- https://www.debian.org/security/2021/dsa-4980
CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to…
Published: 2021-08-05T20:15:00 Last Modified: 2022-01-01T17:58:00
Summary
A lack of CPU resources (resource exhaustion) in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found when a user uses the trace ring buffer in a specific way. Only privileged local users (with the CAP_SYS_ADMIN capability) could use this flaw to starve the resources, causing denial of service.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3679 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a
- https://bugzilla.redhat.com/show_bug.cgi?id=1989165
- https://www.debian.org/security/2021/dsa-4978
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CVE-2021-3570: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when…
Published: 2021-07-09T11:15:00 Last Modified: 2021-09-14T14:42:00
Summary
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 8.5
- Exploitability Score: 8.0
- CVSS: 8.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3570 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1966240
- https://www.debian.org/security/2021/dsa-4938
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/
- https://lists.debian.org/debian-lts-announce/2021/07/msg00025.html
CVE-2021-3571: A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a…
Published: 2021-07-09T11:15:00 Last Modified: 2021-09-14T14:43:00
Summary
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3571 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1966241
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/
CVE-2021-3612: An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in…
Published: 2021-07-09T11:15:00 Last Modified: 2021-12-17T01:15:00
Summary
An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3612 vulnerability.
References
- https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=1974079
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/
- https://security.netapp.com/advisory/ntap-20210805-0005/
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CVE-2021-3598: There’s a flaw in OpenEXR’s ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An…
Published: 2021-07-06T15:15:00 Last Modified: 2021-07-09T15:45:00
Summary
There’s a flaw in OpenEXR’s ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3598 vulnerability.
References
CVE-2021-3592: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….
Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T18:04:00
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘bootp_t’ structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer
CWE Description: The program accesses or uses a pointer that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3592 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1970484
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
- https://security.gentoo.org/glsa/202107-44
- https://security.netapp.com/advisory/ntap-20210805-0004/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
- https://lists.debian.org/debian-lts-announce/2021/09/msg00004.html
CVE-2021-3593: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….
Published: 2021-06-15T21:15:00 Last Modified: 2021-09-20T13:52:00
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer
CWE Description: The program accesses or uses a pointer that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3593 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1970487
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
- https://security.gentoo.org/glsa/202107-44
- https://security.netapp.com/advisory/ntap-20210805-0004/
CVE-2021-3594: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….
Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T18:04:00
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer
CWE Description: The program accesses or uses a pointer that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3594 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1970491
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
- https://security.gentoo.org/glsa/202107-44
- https://security.netapp.com/advisory/ntap-20210805-0004/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
CVE-2021-3595: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….
Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T17:01:00
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘tftp_t’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer
CWE Description: The program accesses or uses a pointer that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3595 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1970489
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
- https://security.gentoo.org/glsa/202107-44
- https://security.netapp.com/advisory/ntap-20210805-0004/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
CVE-2021-0129: Improper access control in BlueZ may allow an authenticated user to potentially enable…
Published: 2021-06-09T20:15:00 Last Modified: 2021-11-29T17:59:00
Summary
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 2.9
- Exploitability Score: 5.1
- CVSS: 2.7
- CVSS Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2021-0129 vulnerability.
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html
- https://security.netapp.com/advisory/ntap-20210716-0002/
- https://www.debian.org/security/2021/dsa-4951
CVE-2021-3532: A flaw was found in Ansible where the secret information present in async_files are getting…
Published: 2021-06-09T12:15:00 Last Modified: 2021-06-21T16:54:00
Summary
A flaw was found in Ansible where the secret information present in async_files is disclosed when the user changes the jobdir to a world-readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3532 vulnerability.
References
CVE-2021-3533: A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a…
Published: 2021-06-09T12:15:00 Last Modified: 2021-06-17T17:21:00
Summary
A flaw was found in Ansible if an Ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world-writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.
Scores
- Impact Score: 2.9
- Exploitability Score: 1.9
- CVSS: 1.2
- CVSS Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3533 vulnerability.
References
CVE-2021-3565: A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a…
Published: 2021-06-04T12:15:00 Last Modified: 2021-12-02T13:55:00
Summary
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-665: Improper Initialization
CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3565 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1964427
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESY6HRYUKR5ZG2K5QAJQC5S6HMKZMFK7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XK5M7I66PBXSN663TSLAZ3V6TWWFCV7C/
CVE-2021-3569: A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while…
Published: 2021-06-03T12:15:00 Last Modified: 2021-06-14T17:36:00
Summary
A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3569 vulnerability.
References
CVE-2020-10742: A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to…
Published: 2021-06-02T11:15:00 Last Modified: 2021-06-11T12:25:00
Summary
A flaw was found in the Linux kernel. An index buffer overflow during a Direct IO write causes the NFS client to crash. In some cases, an out-of-bounds index access following a memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10742 vulnerability.
References
CVE-2021-32027: A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17…
Published: 2021-06-01T14:15:00 Last Modified: 2021-09-14T17:38:00
Summary
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-32027 vulnerability.
References
- https://www.postgresql.org/support/security/CVE-2021-32027/
- https://bugzilla.redhat.com/show_bug.cgi?id=1956876
- https://security.netapp.com/advisory/ntap-20210713-0004/
CVE-2021-3516: There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit…
Published: 2021-06-01T14:15:00 Last Modified: 2022-02-07T16:16:00
Summary
There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3516 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1954225
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
- https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
- https://security.gentoo.org/glsa/202107-05
- https://security.netapp.com/advisory/ntap-20210716-0005/
- https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2021-3543: A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that…
Published: 2021-06-01T14:15:00 Last Modified: 2021-06-11T19:14:00
Summary
A null pointer dereference flaw was found in the Nitro Enclaves kernel driver in the way that enclave VMs force closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3543 vulnerability.
References
- https://lore.kernel.org/lkml/20210429165941.27020-1-andraprs@amazon.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=1953022
CVE-2021-20201: A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote…
Published: 2021-05-28T11:15:00 Last Modified: 2021-06-04T15:34:00
Summary
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20201 vulnerability.
References
- https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
- https://bugzilla.redhat.com/show_bug.cgi?id=1921846
CVE-2021-20236: A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious…
Published: 2021-05-28T11:15:00 Last Modified: 2021-06-02T15:35:00
Summary
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20236 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1921976
- https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
CVE-2021-20239: A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw…
Published: 2021-05-28T11:15:00 Last Modified: 2021-06-02T15:28:00
Summary
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.
Common Weakness Enumeration (CWE): CWE-822: Untrusted Pointer Dereference
CWE Description: The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20239 vulnerability.
References
CVE-2021-20292: There is a flaw reported in the Linux kernel in versions before 5.9 in…
Published: 2021-05-28T11:15:00 Last Modified: 2021-06-23T02:15:00
Summary
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker with a local account with root privilege can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20292 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939686
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
CVE-2020-25710: A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a…
Published: 2021-05-28T11:15:00 Last Modified: 2021-09-14T17:38:00
Summary
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion
CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-25710 vulnerability.
References
- https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html
- https://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72c
- https://www.debian.org/security/2020/dsa-4792
- https://bugzilla.redhat.com/show_bug.cgi?id=1899678
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210716-0003/
CVE-2020-14301: An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP…
Published: 2021-05-27T20:15:00 Last Modified: 2021-06-29T10:15:00
Summary
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.
Common Weakness Enumeration (CWE): CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
CWE Description: The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-14301 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1848640
- https://security.netapp.com/advisory/ntap-20210629-0007/
CVE-2020-1702: A malicious container image can consume an unbounded amount of memory when being pulled to a…
Published: 2021-05-27T20:15:00 Last Modified: 2021-06-10T15:16:00
Summary
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-1702 vulnerability.
References
CVE-2021-30501: An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow…
Published: 2021-05-27T00:15:00 Last Modified: 2021-06-08T01:59:00
Summary
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flaw allows attackers to cause a denial of service (abort) via a crafted file.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-30501 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1948696
- https://github.com/upx/upx/issues/486
- https://github.com/upx/upx/pull/487
- https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46
CVE-2021-30500: Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version…
Published: 2021-05-27T00:15:00 Last Modified: 2021-06-08T02:05:00
Summary
A null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0. This allows attackers to execute arbitrary code and cause a denial of service via a crafted file.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-30500 vulnerability.
References
- https://github.com/upx/upx/issues/485
- https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
- https://bugzilla.redhat.com/show_bug.cgi?id=1948692
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-30471: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary…
Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T15:04:00
Summary
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in the PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
Common Weakness Enumeration (CWE): CWE-674: Uncontrolled Recursion
CWE Description: The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-30471 vulnerability.
References
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. A use-after-free in PoDoFo::PdfVecObjects::Clear() function…
Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T16:29:00
Summary
A flaw was found in PoDoFo 0.9.7. A use-after-free in the PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-30469 vulnerability.
References
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-30470: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(),…
Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T02:07:00
Summary
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among the PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
Common Weakness Enumeration (CWE): CWE-674: Uncontrolled Recursion
CWE Description: The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-30470 vulnerability.
References
See also: All popular products CVE Vulnerabilities of redhat
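Both PoDoFo entries above (CVE-2021-30471 and CVE-2021-30470) are the same bug class: a parser that recurses once per nesting level of attacker-controlled input and never checks how deep it has gone. The block below is an added illustration, not PoDoFo's code. It is a toy reader for PDF-style nested arrays ("[ 1 [ 2 [ 3 ] ] ]") that counts its own depth and returns an error once an assumed limit is reached, so a file made of thousands of '[' is rejected instead of exhausting the stack. PDF_MAX_NESTING, the pdf_status codes and the pdf_parse_brackets helper are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed nesting limit for this illustration; a real parser sizes it to its stack budget. */
#define PDF_MAX_NESTING 64

enum pdf_status { PDF_OK = 0, PDF_ERR_SYNTAX = -1, PDF_ERR_TOO_DEEP = -2 };

struct pdf_reader {
    const char *p;    /* current position in the input */
    const char *end;  /* one past the last byte */
    int depth;        /* current array nesting depth */
    int max_depth;    /* deepest nesting reached, for reporting */
};

static void skip_ws(struct pdf_reader *r) {
    while (r->p < r->end && (*r->p == ' ' || *r->p == '\n' || *r->p == '\r' || *r->p == '\t'))
        r->p++;
}

static int read_variant(struct pdf_reader *r);  /* arrays hold variants; variants may be arrays */

/* Parse "[ variant* ]". The depth is checked before recursing any further,
 * which is the check an uncontrolled-recursion bug lacks. */
static int read_array(struct pdf_reader *r) {
    if (r->depth >= PDF_MAX_NESTING)
        return PDF_ERR_TOO_DEEP;
    r->depth++;
    if (r->depth > r->max_depth)
        r->max_depth = r->depth;
    r->p++;                                   /* consume '[' */
    for (;;) {
        skip_ws(r);
        if (r->p >= r->end)
            return PDF_ERR_SYNTAX;            /* unterminated array */
        if (*r->p == ']') {
            r->p++;
            break;
        }
        int rc = read_variant(r);
        if (rc != PDF_OK)
            return rc;
    }
    r->depth--;
    return PDF_OK;
}

/* Parse one value: a nested array or a run of digits (the only scalar this toy accepts). */
static int read_variant(struct pdf_reader *r) {
    skip_ws(r);
    if (r->p >= r->end)
        return PDF_ERR_SYNTAX;
    if (*r->p == '[')
        return read_array(r);
    if (*r->p >= '0' && *r->p <= '9') {
        while (r->p < r->end && *r->p >= '0' && *r->p <= '9')
            r->p++;
        return PDF_OK;
    }
    return PDF_ERR_SYNTAX;
}

/* Parse a NUL-terminated buffer. Returns PDF_OK or a negative pdf_status;
 * on success *max_depth_out (if non-NULL) receives the deepest nesting seen. */
int pdf_parse_nested(const char *s, int *max_depth_out) {
    struct pdf_reader r = { s, s + strlen(s), 0, 0 };
    int rc = read_variant(&r);
    if (rc == PDF_OK) {
        skip_ws(&r);
        if (r.p != r.end)
            rc = PDF_ERR_SYNTAX;              /* trailing garbage */
    }
    if (max_depth_out)
        *max_depth_out = r.max_depth;
    return rc;
}

/* Nesting depth of a valid input, or the negative error code. */
int pdf_nesting_depth(const char *s) {
    int depth = 0;
    int rc = pdf_parse_nested(s, &depth);
    return rc == PDF_OK ? depth : rc;
}

/* Constructed input: n opening brackets followed by n closing ones. */
int pdf_parse_brackets(int n) {
    static char scratch[4096];
    if (n < 0 || (size_t)n * 2 + 1 > sizeof scratch)
        return PDF_ERR_SYNTAX;
    memset(scratch, '[', (size_t)n);
    memset(scratch + n, ']', (size_t)n);
    scratch[2 * n] = '\0';
    return pdf_parse_nested(scratch, NULL);
}

int main(void) {
    printf("depth 10 -> %d\n", pdf_parse_brackets(10));      /* 0: accepted */
    printf("depth 1000 -> %d\n", pdf_parse_brackets(1000));  /* -2: rejected before recursing that far */
    return 0;
}
```

Bounding the depth is the durable fix; enlarging the thread's stack only moves the crash threshold, and a crafted file can always be made deeper than any stack.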
CVE-2021-3527: A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined…
Published: 2021-05-26T22:15:00 Last Modified: 2021-11-15T17:22:00
Summary
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3527 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2021/05/05/5
- https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
- https://bugzilla.redhat.com/show_bug.cgi?id=1955695
- https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
- https://security.netapp.com/advisory/ntap-20210708-0008/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
See also: All popular products CVE Vulnerabilities of redhat
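The mechanism in the CVE-2021-3527 summary (a guest-controlled total used to size a variable length array on the stack) is easy to reproduce in miniature. The block below is an added example, not QEMU's usb-redir code: a coalescing routine in its vulnerable shape, beside a bounded one that detects wrap-around while summing, refuses totals above a cap before touching memory, and takes the buffer from the heap. The cap USBREDIR_MAX_BULK_BYTES, the guest_packet struct, the status codes and the demo_* inputs are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on one combined bulk transfer; the real value is a device-design decision. */
#define USBREDIR_MAX_BULK_BYTES ((size_t)1 << 20)

struct guest_packet {
    const uint8_t *data;   /* payload supplied by the guest */
    size_t len;            /* length claimed by the guest: untrusted */
};

enum { COALESCE_OK = 0, COALESCE_E_OVERFLOW = 1, COALESCE_E_TOO_LARGE = 2, COALESCE_E_NOMEM = 3 };

/* Vulnerable shape: the summed length goes straight into a stack VLA. A guest
 * that advertises enough bytes moves the stack pointer past the guard page
 * and the process dies. Kept only to show the pattern; nothing below calls
 * it with untrusted sizes. */
size_t coalesce_vla_unsafe(const struct guest_packet *pk, size_t n, uint8_t *out, size_t out_len) {
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += pk[i].len;                    /* no cap, and the sum may wrap */
    if (total == 0)
        return 0;
    uint8_t buf[total];                        /* stack grows by `total` bytes */
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + off, pk[i].data, pk[i].len);
        off += pk[i].len;
    }
    size_t copy = total < out_len ? total : out_len;
    memcpy(out, buf, copy);
    return copy;
}

/* Hardened shape. On success *out receives a malloc'd buffer the caller frees. */
int coalesce_bounded(const struct guest_packet *pk, size_t n, uint8_t **out, size_t *out_len) {
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (pk[i].len > SIZE_MAX - total)
            return COALESCE_E_OVERFLOW;        /* total + len would wrap */
        total += pk[i].len;
        if (total > USBREDIR_MAX_BULK_BYTES)
            return COALESCE_E_TOO_LARGE;       /* reject before any allocation or copy */
    }
    uint8_t *buf = malloc(total ? total : 1);
    if (!buf)
        return COALESCE_E_NOMEM;
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + off, pk[i].data, pk[i].len);
        off += pk[i].len;
    }
    *out = buf;
    *out_len = total;
    return COALESCE_OK;
}

/* Constructed inputs for a stand-alone run. */
int demo_small_transfer(void) {               /* two real packets: returns the combined length, 5 */
    static const uint8_t a[] = { 1, 2, 3 }, b[] = { 4, 5 };
    struct guest_packet pk[2] = { { a, sizeof a }, { b, sizeof b } };
    uint8_t *buf = NULL;
    size_t len = 0;
    if (coalesce_bounded(pk, 2, &buf, &len) != COALESCE_OK)
        return -1;
    int ok = len == 5 && buf[0] == 1 && buf[4] == 5;
    free(buf);
    return ok ? (int)len : -2;
}

int demo_oversized_transfer(void) {           /* 32 x 64 KiB claimed: exceeds the cap at packet 17 */
    struct guest_packet pk[32];
    for (int i = 0; i < 32; i++) { pk[i].data = NULL; pk[i].len = 65536; }
    uint8_t *buf = NULL;
    size_t len = 0;
    return coalesce_bounded(pk, 32, &buf, &len);
}

int demo_wrapping_lengths(void) {             /* 16 + SIZE_MAX would wrap size_t */
    struct guest_packet pk[2] = { { NULL, 16 }, { NULL, SIZE_MAX } };
    uint8_t *buf = NULL;
    size_t len = 0;
    return coalesce_bounded(pk, 2, &buf, &len);
}

int main(void) {
    printf("small: %d  oversized: %d  wrapping: %d\n",
           demo_small_transfer(), demo_oversized_transfer(), demo_wrapping_lengths());
    return 0;
}
```

The order of the two checks in coalesce_bounded matters: the wrap check must come before the addition, and the cap check after it, so that neither a huge single length nor a long run of small ones gets past the guard.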
CVE-2021-20297: A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a…
Published: 2021-05-26T21:15:00 Last Modified: 2021-06-03T17:20:00
Summary
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20297 vulnerability.
References
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25014: A flaw was found in libwebp in versions before 1.0.1. An uninitialized variable is used in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T22:00:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-908: Use of Uninitialized Resource
CWE Description: The software uses or accesses a resource that has not been initialized.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25014 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956927
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211104-0004/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25009: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T22:00:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25009 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956917
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://security.netapp.com/advisory/ntap-20211104-0004/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25013: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-12-01T14:45:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25013 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956926
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25011: A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T22:00:00
Summary
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25011 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956919
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211104-0004/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25010: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T22:30:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25010 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956918
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25012: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-12-01T14:46:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25012 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956922
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2020-36331: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-12-01T14:44:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-36331 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956856
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2020-36328: A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-12-01T14:45:00
Summary
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-36328 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956829
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2020-36329: A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread…
Published: 2021-05-21T17:15:00 Last Modified: 2021-12-01T14:44:00
Summary
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-36329 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956843
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2020-36330: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T19:43:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-36330 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956853
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211104-0004/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2020-36332: A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T19:43:00
Summary
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-36332 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956868
- https://www.debian.org/security/2021/dsa-4930
- https://security.netapp.com/advisory/ntap-20211104-0004/
See also: All popular products CVE Vulnerabilities of redhat
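The libwebp entries above are mostly out-of-bounds reads in container and chunk handling functions (WebPMuxCreateInternal, ShiftBytes, ApplyFilter, ChunkAssignData, ChunkVerifyAndAssign), plus a heap overflow attributed to an invalid buffer-size check in WebPDecodeRGBInto (CVE-2020-36328) and an excessive allocation driven by file contents (CVE-2020-36332). The block below is an added example, not libwebp's code, showing the two input checks that family of bugs calls for: a walk over a WebP RIFF container that compares every declared chunk size with the bytes actually present before reading or trusting it, and an overflow-safe check that an output buffer really holds width x height x bpp bytes. The sample container is constructed inline with dummy payloads; MAX_IMAGE_DIMENSION, the status codes and the demo_* helpers are assumptions for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RIFF_HEADER_SIZE 12        /* "RIFF" + u32 size + "WEBP" */
#define CHUNK_HEADER_SIZE 8        /* FourCC + u32 payload size */
#define MAX_IMAGE_DIMENSION 16384  /* assumed sanity cap for this illustration */

enum { WEBP_OK = 0, WEBP_E_TRUNCATED = -1, WEBP_E_BAD_HEADER = -2,
       WEBP_E_CHUNK_OVERRUN = -3, WEBP_E_OVERFLOW = -4, WEBP_E_BUFFER_TOO_SMALL = -5 };

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk the chunk list; returns the chunk count or a negative status. Every
 * declared size is checked against the bytes actually remaining before the
 * cursor moves, so a lying size field cannot push a read past the buffer. */
int webp_count_chunks(const uint8_t *buf, size_t len) {
    if (len < RIFF_HEADER_SIZE) return WEBP_E_TRUNCATED;
    if (memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WEBP", 4) != 0) return WEBP_E_BAD_HEADER;
    size_t riff_size = rd_le32(buf + 4);          /* covers everything after the first 8 bytes */
    if (riff_size < 4 || riff_size > len - 8) return WEBP_E_TRUNCATED;  /* claims more than we hold */
    size_t remaining = riff_size - 4;             /* bytes after "WEBP" */
    const uint8_t *p = buf + RIFF_HEADER_SIZE;
    int count = 0;
    while (remaining > 0) {
        if (remaining < CHUNK_HEADER_SIZE) return WEBP_E_CHUNK_OVERRUN;  /* no full header left */
        size_t payload = rd_le32(p + 4);
        size_t padded = payload + (payload & 1);  /* payloads are padded to even length */
        if (padded < payload) return WEBP_E_OVERFLOW;
        p += CHUNK_HEADER_SIZE;
        remaining -= CHUNK_HEADER_SIZE;
        if (padded > remaining) return WEBP_E_CHUNK_OVERRUN;  /* declared payload runs past the input */
        p += padded;
        remaining -= padded;
        count++;
    }
    return count;
}

/* Overflow-safe check that `buf_size` bytes hold a width x height image at
 * `bpp` bytes per pixel with the given row stride. */
int webp_output_buffer_ok(uint32_t width, uint32_t height, uint32_t bpp, size_t stride, size_t buf_size) {
    if (width == 0 || height == 0 || bpp == 0 ||
        width > MAX_IMAGE_DIMENSION || height > MAX_IMAGE_DIMENSION) return WEBP_E_BAD_HEADER;
    uint64_t row = (uint64_t)width * bpp;         /* width is capped, so this cannot wrap */
    if (stride < row) return WEBP_E_BUFFER_TOO_SMALL;  /* a row must fit inside its stride */
    uint64_t needed = (uint64_t)stride * (height - 1);
    if (height > 1 && needed / stride != height - 1) return WEBP_E_OVERFLOW;  /* product wrapped */
    if (needed > UINT64_MAX - row) return WEBP_E_OVERFLOW;
    needed += row;                                /* the last row needs only `row` bytes */
    return needed <= buf_size ? WEBP_OK : WEBP_E_BUFFER_TOO_SMALL;
}

/* Constructed sample container: header plus two dummy chunks
 * ("VP8 " with 10 payload bytes, "EXIF" with 3, padded to 4). */
static size_t put_chunk(uint8_t *p, const char *fourcc, uint32_t payload_len, uint8_t fill) {
    memcpy(p, fourcc, 4);
    wr_le32(p + 4, payload_len);
    memset(p + CHUNK_HEADER_SIZE, fill, payload_len);
    size_t padded = payload_len + (payload_len & 1);
    if (padded != payload_len) p[CHUNK_HEADER_SIZE + payload_len] = 0;  /* pad byte */
    return CHUNK_HEADER_SIZE + padded;
}

size_t build_sample_webp(uint8_t *out) {          /* needs >= 64 bytes; returns 42 */
    size_t n = RIFF_HEADER_SIZE;
    n += put_chunk(out + n, "VP8 ", 10, 0xAA);
    n += put_chunk(out + n, "EXIF", 3, 0xBB);
    memcpy(out, "RIFF", 4);
    wr_le32(out + 4, (uint32_t)(n - 8));
    memcpy(out + 8, "WEBP", 4);
    return n;
}

int demo_valid_sample(void) {                     /* well-formed input: 2 chunks */
    uint8_t buf[64];
    size_t n = build_sample_webp(buf);
    return webp_count_chunks(buf, n);
}

int demo_chunk_size_overrun(void) {               /* VP8 size field rewritten to 0x7FFFFFFF */
    uint8_t buf[64];
    size_t n = build_sample_webp(buf);
    wr_le32(buf + RIFF_HEADER_SIZE + 4, 0x7FFFFFFFu);
    return webp_count_chunks(buf, n);
}

int demo_truncated_input(void) {                  /* the last 5 bytes never arrived */
    uint8_t buf[64];
    size_t n = build_sample_webp(buf);
    return webp_count_chunks(buf, n - 5);
}

int main(void) {
    printf("valid: %d  overrun: %d  truncated: %d  4x4 RGBA in 64 bytes: %d\n",
           demo_valid_sample(), demo_chunk_size_overrun(), demo_truncated_input(),
           webp_output_buffer_ok(4, 4, 4, 16, 64));
    return 0;
}
```

Because the walker never lets a declared size exceed the bytes it was handed, any allocation sized from a chunk header is automatically bounded by the input length, which is the same property that keeps a crafted file from driving an excessive allocation.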
CVE-2021-3426: There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to…
Published: 2021-05-20T13:15:00 Last Modified: 2022-02-07T16:16:00
Summary
There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 5.1
- CVSS: 2.7
- CVSS Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2021-3426 vulnerability.
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
- https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
- https://bugzilla.redhat.com/show_bug.cgi?id=1935913
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
- https://security.gentoo.org/glsa/202104-04
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
- https://security.netapp.com/advisory/ntap-20210629-0003/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who…
Published: 2021-05-19T14:15:00 Last Modified: 2021-07-20T11:15:00
Summary
A flaw was found in RPM's package read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, or who can compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature
CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3421 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1927747
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
- https://security.gentoo.org/glsa/202107-43
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3445: A flaw was found in libdnf’s signature verification functionality in versions before 0.60.1. This…
Published: 2021-05-19T14:15:00 Last Modified: 2021-06-02T14:58:00
Summary
A flaw was found in libdnf’s signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature
CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3445 vulnerability.
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/
- https://bugzilla.redhat.com/show_bug.cgi?id=1932079
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3517: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An…
Published: 2021-05-19T14:15:00 Last Modified: 2022-02-07T16:16:00
Summary
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3517 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1954232
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
- https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
- https://security.netapp.com/advisory/ntap-20210625-0002/
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/202107-05
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://security.netapp.com/advisory/ntap-20211022-0004/
- https://www.oracle.com/security-alerts/cpujan2022.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3518: There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted…
Published: 2021-05-18T12:15:00 Last Modified: 2021-12-09T21:30:00
Summary
There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3518 vulnerability.
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
- https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1954242
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
- https://security.netapp.com/advisory/ntap-20210625-0002/
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/202107-05
- https://support.apple.com/kb/HT212604
- https://support.apple.com/kb/HT212605
- https://support.apple.com/kb/HT212602
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/55
- http://seclists.org/fulldisclosure/2021/Jul/54
- http://seclists.org/fulldisclosure/2021/Jul/58
- http://seclists.org/fulldisclosure/2021/Jul/59
- https://www.oracle.com/security-alerts/cpuoct2021.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3537: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors…
Published: 2021-05-14T20:15:00 Last Modified: 2021-12-08T20:19:00
Summary
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3537 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956522
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
- https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
- https://security.netapp.com/advisory/ntap-20210625-0002/
- https://security.gentoo.org/glsa/202107-05
- https://www.oracle.com/security-alerts/cpuoct2021.html
CVE-2020-27769: In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of…
Published: 2021-05-14T20:15:00 Last Modified: 2021-05-19T19:08:00
Summary
In ImageMagick versions before 7.0.9-0, values outside the range of representable values of type ‘float’ can occur at MagickCore/quantize.c.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27769 vulnerability.
References
CVE-2021-20221: An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller…
Published: 2021-05-13T16:15:00 Last Modified: 2021-12-10T19:56:00
Summary
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on the aarch64 platform. The issue occurs because, while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20221 vulnerability.
References
- https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1924601
- http://www.openwall.com/lists/oss-security/2021/02/05/1
- https://security.netapp.com/advisory/ntap-20210708-0005/
CVE-2020-27824: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This…
Published: 2021-05-13T14:15:00 Last Modified: 2021-12-07T19:40:00
Summary
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27824 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905723
- https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/
- https://www.debian.org/security/2021/dsa-4882
- https://www.oracle.com/security-alerts/cpuoct2021.html
CVE-2021-3504: A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of…
Published: 2021-05-11T23:15:00 Last Modified: 2021-06-21T18:35:00
Summary
A flaw was found in the hivex library in versions before 1.3.20. It is caused by a lack of bounds checking within the hivex_open function. An attacker could supply a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3504 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1949687
- https://lists.debian.org/debian-lts-announce/2021/05/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQXTEACRWYAZVNEOIWIYUFGG4GOXSQ22/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5BNKNVYFL36P2GBEB5O36LHFRYU575H/
CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in…
Published: 2021-05-06T17:15:00 Last Modified: 2022-01-01T17:51:00
Summary
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 8.5
- Exploitability Score: 3.9
- CVSS: 6.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-31916 vulnerability.
References
- https://seclists.org/oss-sec/2021/q1/268
- https://bugzilla.redhat.com/show_bug.cgi?id=1946965
- https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
CVE-2021-3507: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It…
Published: 2021-05-06T16:15:00 Last Modified: 2021-06-01T14:55:00
Summary
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a DoS scenario or potential information leakage from the host memory.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3507 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1951118
- https://security.netapp.com/advisory/ntap-20210528-0005/
CVE-2021-3501: A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the…
Published: 2021-05-06T13:15:00 Last Modified: 2021-06-18T10:15:00
Summary
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3501 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1950136
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a
- https://security.netapp.com/advisory/ntap-20210618-0008/
CVE-2021-20254: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs)…
Published: 2021-05-05T14:15:00 Last Modified: 2021-06-24T18:30:00
Summary
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 6.8
- CVSS: 4.9
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20254 vulnerability.
References
- https://security.netapp.com/advisory/ntap-20210430-0001/
- https://www.samba.org/samba/security/CVE-2021-20254.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1949442
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/
- https://security.gentoo.org/glsa/202105-22
- https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
CVE-2021-3472: A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in…
Published: 2021-04-26T15:15:00 Last Modified: 2021-05-19T12:54:00
Summary
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-191: Integer Underflow (Wrap or Wraparound)
CWE Description: The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3472 vulnerability.
References
- https://lists.x.org/archives/xorg-announce/2021-April/003080.html
- https://seclists.org/oss-sec/2021/q2/20
- https://www.zerodayinitiative.com/advisories/ZDI-21-463/
- https://bugzilla.redhat.com/show_bug.cgi?id=1944167
- https://www.debian.org/security/2021/dsa-4893
- https://www.tenable.com/plugins/nessus/148701
- http://www.openwall.com/lists/oss-security/2021/04/13/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/
- https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
- https://security.gentoo.org/glsa/202104-02
CVE-2021-20208: A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file…
Published: 2021-04-19T22:15:00 Last Modified: 2021-12-10T19:52:00
Summary
A flaw was found in cifs-utils in versions before 6.13. A user mounting a krb5 CIFS file system from within a container can use the Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Common Weakness Enumeration (CWE): CWE-266: Incorrect Privilege Assignment
CWE Description: A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 4.9
- Exploitability Score: 6.8
- CVSS: 4.9
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20208 vulnerability.
References
- https://bugzilla.samba.org/show_bug.cgi?id=14651
- https://bugzilla.redhat.com/show_bug.cgi?id=1921116
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4BZSJXROEFHYATAAHHRR6P3HUSMPQB3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4HSDIWXXNQBUW5ZS37RQMLJ7THK5AS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WJ3SVBHCSNQZAWSGLB6FBOCFU45FFG/
CVE-2021-3497: GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing…
Published: 2021-04-19T21:15:00 Last Modified: 2021-04-27T16:48:00
Summary
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3497 vulnerability.
References
- https://gstreamer.freedesktop.org/security/sa-2021-0002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1945339
- https://www.debian.org/security/2021/dsa-4900
- https://lists.debian.org/debian-lts-announce/2021/04/msg00027.html
CVE-2021-3498: GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
Published: 2021-04-19T21:15:00 Last Modified: 2021-06-03T17:15:00
Summary
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3498 vulnerability.
References
- https://gstreamer.freedesktop.org/security/sa-2021-0003.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1945342
- https://www.debian.org/security/2021/dsa-4900
- http://packetstormsecurity.com/files/162952/Gstreamer-Matroska-Demuxing-Use-After-Free.html
CVE-2021-3505: A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit…
Published: 2021-04-19T21:15:00 Last Modified: 2021-06-03T16:19:00
Summary
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-331: Insufficient Entropy
CWE Description: The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3505 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1950046
- https://github.com/stefanberger/libtpms/issues/183
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/
CVE-2021-3487: There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a…
Published: 2021-04-15T14:15:00 Last Modified: 2021-05-04T12:55:00
Summary
There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3487 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1947111
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/
CVE-2021-3482: A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation…
Published: 2021-04-08T23:15:00 Last Modified: 2021-09-21T18:15:00
Summary
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3482 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1946314
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/
- https://www.debian.org/security/2021/dsa-4958
- https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html
CVE-2021-3448: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for…
Published: 2021-04-08T23:15:00 Last Modified: 2022-02-07T16:16:00
Summary
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Common Weakness Enumeration (CWE): CWE-358: Improperly Implemented Security Check for Standard
CWE Description: The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3448 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939368
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHURNEHHUBSW45KMIZ4FNBCSUPWPGV5V/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHG7GWSQWKF7JXIMLOGJBKZWBB4VIAJ7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVTJUOFFFHINLKWAOC2ZSC5MOPD4SJ24/
- https://security.gentoo.org/glsa/202105-20
- https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification…
Published: 2021-04-05T22:15:00 Last Modified: 2021-12-06T13:57:00
Summary
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography (ECC) point multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20305 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1942533
- https://security.gentoo.org/glsa/202105-31
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/
- https://www.debian.org/security/2021/dsa-4933
- https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html
- https://security.netapp.com/advisory/ntap-20211022-0002/
CVE-2021-20291: A deadlock vulnerability was found in ‘github.com/containers/storage’ in versions before 1.28.1….
Published: 2021-04-01T18:15:00 Last Modified: 2021-06-02T13:13:00
Summary
A deadlock vulnerability was found in ‘github.com/containers/storage’ in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).
Common Weakness Enumeration (CWE): CWE-667: Improper Locking
CWE Description: The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20291 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939485
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X/
- https://unit42.paloaltonetworks.com/cve-2021-20291/
CVE-2021-3393: An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before…
Published: 2021-04-01T14:15:00 Last Modified: 2021-06-04T19:04:00
Summary
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
Common Weakness Enumeration (CWE): CWE-209: Generation of Error Message Containing Sensitive Information
CWE Description: The software generates an error message that includes sensitive information about its environment, users, or associated data.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.8
- CVSS: 3.5
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3393 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1924005
- https://security.netapp.com/advisory/ntap-20210507-0006/
- https://security.gentoo.org/glsa/202105-32
CVE-2021-20271: A flaw was found in RPM’s signature check functionality when reading a package file. This flaw…
Published: 2021-03-26T17:15:00 Last Modified: 2021-12-10T19:50:00
Summary
A flaw was found in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
Common Weakness Enumeration (CWE): CWE-345: Insufficient Verification of Data Authenticity
CWE Description: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20271 vulnerability.
References
- https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21
- https://bugzilla.redhat.com/show_bug.cgi?id=1934125
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
- https://security.gentoo.org/glsa/202107-43
CVE-2021-20197: There is an open race window when writing output in the following utilities in GNU binutils…
Published: 2021-03-26T17:15:00 Last Modified: 2021-05-28T10:15:00
Summary
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into changing the ownership of arbitrary files through a symlink.
Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)
CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.4
- CVSS: 3.3
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20197 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1913743
- https://sourceware.org/bugzilla/show_bug.cgi?id=26945
- https://security.netapp.com/advisory/ntap-20210528-0009/
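The race in the summary is a time-of-check/time-of-use window between writing the output file and fixing its ownership or mode by path name: chown() and chmod() follow symlinks, so a link planted in that window redirects the privileged caller's change. The C below is an added illustration of that pattern and of its general fix (open without following links, refuse an existing name, then operate only on the descriptor). It is not the binutils patch itself; the function names and the /tmp paths are ours.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Race-prone pattern (shown for contrast only; the demo does not call it):
 * write the result to `path`, then fix ownership and mode *by name*. An
 * unprivileged user who controls the directory can swap `path` for a symlink
 * between the write and the chown(); chown()/chmod() follow the link, so the
 * privileged caller changes a file of the attacker's choosing.
 */
int write_output_racy(const char *path, const void *buf, size_t len,
                      uid_t uid, gid_t gid, mode_t mode)
{
    FILE *f = fopen(path, "wb");
    if (!f || fwrite(buf, 1, len, f) != len) { if (f) fclose(f); return -1; }
    fclose(f);
    /* TOCTOU window: `path` may already name something else. */
    if (chown(path, uid, gid) < 0) return -1;
    return chmod(path, mode);
}

/*
 * Hardened pattern: create the output without following links and without
 * reusing an existing name, verify what was actually opened, then do every
 * later operation on the descriptor so the object checked is the object changed.
 */
int write_output_safe(const char *path, const void *buf, size_t len,
                      uid_t uid, gid_t gid, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                 /* EEXIST also covers a pre-planted symlink */

    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }

    const unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR) continue;
            close(fd);
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }

    /* fchown()/fchmod() act on the open inode, whatever `path` names by now. */
    if (fchown(fd, uid, gid) < 0 || fchmod(fd, mode) < 0) {
        close(fd);
        return -1;
    }
    return close(fd);
}

int main(void)
{
    const char *out = "/tmp/binutils_symlink_demo.out";   /* demo path, ours */
    unlink(out);
    int rc = write_output_safe(out, "demo\n", 5, (uid_t)-1, (gid_t)-1, 0644);
    printf("first write: %s\n", rc == 0 ? "ok" : strerror(errno));
    rc = write_output_safe(out, "demo\n", 5, (uid_t)-1, (gid_t)-1, 0644);
    printf("second write, name now taken: %s\n", rc == 0 ? "ok" : strerror(errno));
    return 0;
}
```

Passing (uid_t)-1 and (gid_t)-1 leaves ownership untouched, which is what an unprivileged run of the demo needs; a privileged caller passes the real target IDs. Refusing an existing name is stricter than binutils can be in every situation, but it is the simplest policy that closes the window; where the name must be reused, the same idea applies with an O_NOFOLLOW open followed by fstat() checks on the descriptor.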
CVE-2020-35518: When binding against a DN during authentication, the reply from 389-ds-base will be different…
Published: 2021-03-26T17:15:00 Last Modified: 2021-04-01T14:56:00
Summary
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-35518 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905565
- https://github.com/389ds/389-ds-base/issues/4480
- https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc
- https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32
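The "different reply" in the summary is the resultCode carried in the LDAP BindResponse. The C below is an added example, not 389-ds-base code: it parses the resultCode out of a BER-encoded BindResponse and decides whether two unauthenticated simple-bind probes with a wrong password, one against a DN that does not exist and one against a DN that does, are distinguishable. The reply bytes are constructed, not captured, and the choice of noSuchObject (32) versus invalidCredentials (49) as the pre-fix distinguishing codes is our assumption; the summary does not state which codes differ.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample replies (not captures from a real server). BER layout:
   LDAPMessage SEQUENCE { messageID INTEGER, BindResponse [APPLICATION 1] {
   resultCode ENUMERATED, matchedDN OCTET STRING, diagnosticMessage OCTET STRING } } */
static const uint8_t reply_missing_dn[] = {        /* 32 = noSuchObject (assumed pre-fix reply) */
    0x30, 0x19, 0x02, 0x01, 0x01, 0x61, 0x14, 0x0a, 0x01, 0x20, 0x04, 0x00,
    0x04, 0x0d, 'N','o',' ','s','u','c','h',' ','e','n','t','r','y'
};
static const uint8_t reply_existing_dn[] = {       /* 49 = invalidCredentials */
    0x30, 0x0c, 0x02, 0x01, 0x02, 0x61, 0x07, 0x0a, 0x01, 0x31, 0x04, 0x00, 0x04, 0x00
};
static const uint8_t reply_fixed_missing_dn[] = {  /* patched server: 49 for a missing DN too */
    0x30, 0x0c, 0x02, 0x01, 0x03, 0x61, 0x07, 0x0a, 0x01, 0x31, 0x04, 0x00, 0x04, 0x00
};

/* Minimal BER TLV header reader. Returns the header size (tag + length bytes)
   and stores the content length, or 0 if the TLV does not fit in `avail`. */
static size_t ber_tlv(const uint8_t *p, size_t avail, uint8_t *tag, size_t *len)
{
    if (avail < 2) return 0;
    *tag = p[0];
    size_t hdr = 2;
    if (p[1] < 0x80) {
        *len = p[1];                                  /* short form */
    } else {
        size_t nb = p[1] & 0x7f;                      /* long form: nb length bytes */
        if (nb == 0 || nb > sizeof(size_t) || avail < 2 + nb) return 0;
        size_t l = 0;
        for (size_t i = 0; i < nb; i++) l = (l << 8) | p[2 + i];
        *len = l;
        hdr = 2 + nb;
    }
    if (*len > avail - hdr) return 0;                 /* truncated content */
    return hdr;
}

/* Extracts resultCode from a BindResponse; -1 if the message is not one. */
int ldap_bind_result_code(const uint8_t *msg, size_t n)
{
    uint8_t tag;
    size_t hdr, len;
    if (!(hdr = ber_tlv(msg, n, &tag, &len)) || tag != 0x30) return -1;   /* LDAPMessage */
    const uint8_t *p = msg + hdr;
    size_t rem = len;
    if (!(hdr = ber_tlv(p, rem, &tag, &len)) || tag != 0x02) return -1;   /* messageID */
    p += hdr + len;
    rem -= hdr + len;
    if (!(hdr = ber_tlv(p, rem, &tag, &len)) || tag != 0x61) return -1;   /* [APPLICATION 1] */
    p += hdr;
    rem = len;
    if (!(hdr = ber_tlv(p, rem, &tag, &len)) || tag != 0x0a || len == 0 || len > 4)
        return -1;                                                        /* resultCode */
    int code = 0;
    for (size_t i = 0; i < len; i++) code = (code << 8) | p[hdr + i];
    return code;
}

/* 1 if the two replies differ in resultCode (existence oracle present),
   0 if they agree, -1 if either reply could not be parsed. */
int bind_replies_form_existence_oracle(const uint8_t *missing, size_t n1,
                                       const uint8_t *existing, size_t n2)
{
    int a = ldap_bind_result_code(missing, n1);
    int b = ldap_bind_result_code(existing, n2);
    if (a < 0 || b < 0) return -1;
    return a != b;
}

int main(void)
{
    printf("missing DN -> %d, existing DN -> %d, oracle=%d\n",
           ldap_bind_result_code(reply_missing_dn, sizeof reply_missing_dn),
           ldap_bind_result_code(reply_existing_dn, sizeof reply_existing_dn),
           bind_replies_form_existence_oracle(reply_missing_dn, sizeof reply_missing_dn,
                                              reply_existing_dn, sizeof reply_existing_dn));
    return 0;
}
```

To check a live server, feed the parser the raw reply bytes of two binds (a made-up DN and a known-good DN, both with a bad password); the same comparison is what the fix removes by returning one code for both. A patched server still leaks nothing through the code, but check timing and diagnosticMessage separately, since this parser looks only at resultCode.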
CVE-2020-35508: A flaw possibility of race condition and incorrect initialization of the process id was found in…
Published: 2021-03-26T17:15:00 Last Modified: 2021-12-16T20:42:00
Summary
A possible race condition and an incorrect initialization of the process ID were found in the Linux kernel's child/parent process identification handling while filtering signal handlers. A local attacker can abuse this flaw to bypass the checks and send any signal to a privileged process.
Common Weakness Enumeration (CWE): CWE-665: Improper Initialization
CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-35508 vulnerability.
References
- https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948
- https://bugzilla.redhat.com/show_bug.cgi?id=1902724
- https://security.netapp.com/advisory/ntap-20210513-0006/
CVE-2021-3443: A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled…
Published: 2021-03-25T19:15:00 Last Modified: 2021-03-30T16:52:00
Summary
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3443 vulnerability.
References
CVE-2021-3446: A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms…
Published: 2021-03-25T19:15:00 Last Modified: 2021-03-26T18:01:00
Summary
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3446 vulnerability.
References
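What "returning the initial IV instead of the last IV" costs in practice: in a chaining mode, the IV handed back after one chunk is the state the next chunk must start from, so a caller that is given the initial IV restarts the keystream for every chunk, and the first block of each chunk is then encrypted under the same keystream. The C below is an added example, not libtpms or OpenSSL code. It uses CFB over a toy 64-bit block function so it runs without a crypto library; the key, IV and plaintext chunks are constructed and the function names are ours. It shows a known-plaintext observer recovering the first block of the second chunk when the IV is reset, and failing when the IV is chained correctly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8   /* toy 64-bit block; the chaining logic is mode-level and cipher-agnostic */

/* Toy keyed permutation standing in for the real block cipher: deterministic
   and NOT secure, used only so the chaining behaviour can be shown offline. */
static void toy_block_encrypt(const uint8_t key[BLK], const uint8_t in[BLK], uint8_t out[BLK])
{
    uint64_t x, k;
    memcpy(&x, in, BLK);
    memcpy(&k, key, BLK);
    for (int r = 0; r < 8; r++) {
        x ^= k + (uint64_t)r * 0x9E3779B97F4A7C15ULL;
        x = (x << 13) | (x >> 51);
        x *= 0x2545F4914F6CDD1DULL;
        x ^= x >> 29;
    }
    memcpy(out, &x, BLK);
}

/*
 * CFB encryption of `n` whole blocks. `iv` is the chaining state: the IV to
 * start from on entry; on exit, with `return_last_iv` set, the last ciphertext
 * block (what a correct implementation hands back so the caller can continue
 * the stream). With `return_last_iv` clear it is left at the initial IV, which
 * reproduces the behaviour the summary describes.
 */
static void cfb_encrypt_chunk(const uint8_t key[BLK], uint8_t iv[BLK],
                              const uint8_t *pt, uint8_t *ct, size_t n, int return_last_iv)
{
    uint8_t prev[BLK], ks[BLK];
    memcpy(prev, iv, BLK);
    for (size_t b = 0; b < n; b++) {
        toy_block_encrypt(key, prev, ks);            /* keystream = E(previous ct block) */
        for (int i = 0; i < BLK; i++)
            ct[b * BLK + i] = pt[b * BLK + i] ^ ks[i];
        memcpy(prev, ct + b * BLK, BLK);
    }
    if (return_last_iv)
        memcpy(iv, prev, BLK);
}

/*
 * Drives the library the way a caller would: encrypt chunk A, take the
 * returned IV, encrypt chunk B. Then plays the observer: if the IV was reset,
 * both chunks' first blocks used keystream E(IV), so ctA0 ^ ctB0 == ptA0 ^ ptB0
 * and a known ptA0 yields ptB0. Returns 1 if the recovered block matches the
 * real one (leak confirmed), 0 otherwise; `recovered` receives the guess.
 */
int iv_reset_leaks_plaintext(int return_last_iv, uint8_t recovered[BLK])
{
    /* Constructed sample inputs for the demonstration. */
    static const uint8_t key[BLK]         = "k3y-demo";
    static const uint8_t iv0[BLK]         = "initIV!!";
    static const uint8_t chunk_a[2 * BLK] = "ATTACK AT DAWN..";
    static const uint8_t chunk_b[2 * BLK] = "RETREAT AT DUSK!";
    uint8_t iv[BLK], ct_a[2 * BLK], ct_b[2 * BLK];

    memcpy(iv, iv0, BLK);
    cfb_encrypt_chunk(key, iv, chunk_a, ct_a, 2, return_last_iv);
    cfb_encrypt_chunk(key, iv, chunk_b, ct_b, 2, return_last_iv);  /* continues from whatever iv holds */

    for (int i = 0; i < BLK; i++)
        recovered[i] = ct_a[i] ^ ct_b[i] ^ chunk_a[i];            /* known-plaintext attack on block 0 */
    return memcmp(recovered, chunk_b, BLK) == 0;
}

int main(void)
{
    uint8_t r[BLK];
    for (int chained = 0; chained <= 1; chained++) {
        int leaked = iv_reset_leaks_plaintext(chained, r);
        printf("%s IV: observer's guess for chunk B block 0 = \"%.8s\" (%s)\n",
               chained ? "chained" : "reset  ", r, leaked ? "LEAKED" : "no match");
    }
    return 0;
}
```

The same reasoning applies to CBC, where a reset IV makes equal leading plaintext blocks in different chunks produce equal ciphertext blocks; CFB is shown because the consequence is a direct keystream reuse that the observer can cash in with one known block.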
CVE-2021-3466: A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function…
Published: 2021-03-25T19:15:00 Last Modified: 2021-12-15T14:38:00
Summary
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3466 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939127
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN/
CVE-2021-3409: The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU…
Published: 2021-03-23T21:15:00 Last Modified: 2021-05-07T05:15:00
Summary
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3409 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2021/03/09/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1928146
- https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
- https://security.netapp.com/advisory/ntap-20210507-0001/
CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when…
Published: 2021-03-23T17:15:00 Last Modified: 2021-12-10T17:04:00
Summary
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the “exception” keyword.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20270 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1922136
- https://www.debian.org/security/2021/dsa-4889
- https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
CVE-2019-10196: A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent…
Published: 2021-03-19T20:15:00 Last Modified: 2021-03-25T19:21:00
Summary
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered that http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. Because the legacy Buffer(value) constructor treats a numeric argument as a size and returns uninitialized memory, this could result in a denial of service through the usage of all available CPU resources and in data exposure through an uninitialized memory leak in setups where an attacker could submit typed (for example, numeric rather than string) input to the auth parameter.
Common Weakness Enumeration (CWE): CWE-665: Improper Initialization
CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Scores
- Impact Score: 8.5
- Exploitability Score: 10.0
- CVSS: 9.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10196 vulnerability.
References
CVE-2021-3416: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in…
Published: 2021-03-18T20:15:00 Last Modified: 2022-01-04T16:38:00
Summary
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3416 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1932827
- https://www.openwall.com/lists/oss-security/2021/02/26/1
- https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
- https://security.netapp.com/advisory/ntap-20210507-0002/
CVE-2019-14850: A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker…
Published: 2021-03-18T19:15:00 Last Modified: 2021-03-24T18:05:00
Summary
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
Common Weakness Enumeration (CWE): CWE-406: Insufficient Control of Network Message Volume (Network Amplification)
CWE Description: The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14850 vulnerability.
References
- https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1757258
CVE-2020-27827: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause…
Published: 2021-03-18T17:15:00 Last Modified: 2021-08-04T17:14:00
Summary
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be leaked (allocated and never freed) when handling specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27827 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1921438
- https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
CVE-2021-20286: A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in lib/opt.c may…
Published: 2021-03-15T18:15:00 Last Modified: 2021-03-22T14:32:00
Summary
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in lib/opt.c may lead to denial of service.
Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion
CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20286 vulnerability.
References
- https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0
- https://bugzilla.redhat.com/show_bug.cgi?id=1934727
CVE-2021-20179: A flaw was found in pki-core. An attacker who has successfully compromised a key could use this…
Published: 2021-03-15T13:15:00 Last Modified: 2021-03-24T01:58:00
Summary
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20179 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1914379
- https://github.com/dogtagpki/pki/pull/3475
- https://github.com/dogtagpki/pki/pull/3476
- https://github.com/dogtagpki/pki/pull/3474
- https://github.com/dogtagpki/pki/pull/3477
- https://github.com/dogtagpki/pki/pull/3478
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/
CVE-2021-20231: A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead…
Published: 2021-03-12T19:15:00 Last Modified: 2021-06-01T14:07:00
Summary
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20231 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1922276
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/
- https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210416-0005/
- https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E
CVE-2021-20232: A flaw was found in gnutls. A use after free issue in client_send_params in…
Published: 2021-03-12T19:15:00 Last Modified: 2021-05-17T14:30:00
Summary
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20232 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1922275
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/
- https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210416-0005/
- https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E
CVE-2021-20261: A race condition was found in the Linux kernel's implementation of the floppy disk drive…
Published: 2021-03-11T21:15:00 Last Modified: 2021-03-19T13:08:00
Summary
A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root; if the permissions on the device have been changed, the impact changes greatly. In the default configuration, root (or equivalent) permissions are required to attack this flaw.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20261 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a
- https://bugzilla.redhat.com/show_bug.cgi?id=1932150
CVE-2020-35521: A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF…
Published: 2021-03-09T20:15:00 Last Modified: 2021-05-21T09:15:00
Summary
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-35521 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1932034
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
- https://security.gentoo.org/glsa/202104-06
- https://security.netapp.com/advisory/ntap-20210521-0009/
CVE-2021-3411: A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was…
Published: 2021-03-09T20:15:00 Last Modified: 2021-05-21T15:30:00
Summary
A flaw was found in the Linux kernel in versions prior to 5.10. An invalid memory access was found while detecting int3 padding in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3411 vulnerability.
References
CVE-2021-20244: A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted…
Published: 2021-03-09T19:15:00 Last Modified: 2021-03-25T18:45:00
Summary
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20244 vulnerability.
References
- https://github.com/ImageMagick/ImageMagick/pull/3194
- https://bugzilla.redhat.com/show_bug.cgi?id=1928959
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2021-20245: A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is…
Published: 2021-03-09T19:15:00 Last Modified: 2022-01-01T18:02:00
Summary
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20245 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1928943
- https://github.com/ImageMagick/ImageMagick/issues/3176
- https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html
CVE-2021-20246: A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file…
Published: 2021-03-09T19:15:00 Last Modified: 2021-03-25T18:46:00
Summary
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20246 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1928941
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2020-25639: A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality…
Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:47:00
Summary
A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25639 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1876995
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUCBCKRHWP3UD2AVVYQJE7BIJEMCMXW5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HE4CT3NL6OEBRRBUKHIX63GLNVOWCVRW/
CVE-2021-3404: In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-…
Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:22:00
Summary
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3404 vulnerability.
References
CVE-2021-3403: In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a…
Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:24:00
Summary
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3403 vulnerability.
References
CVE-2021-20225: A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20225 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1924696
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2021-20233: A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters, which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20233 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1926263
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2020-14372: A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-184: Incomplete List of Disallowed Inputs
CWE Description: The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.
Scores
- Impact Score: 10.0
- Exploitability Score: 1.9
- CVSS: 6.2
- CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14372 vulnerability.
References
- https://access.redhat.com/security/vulnerabilities/RHSB-2021-003
- https://bugzilla.redhat.com/show_bug.cgi?id=1873150
- https://security.netapp.com/advisory/ntap-20210416-0004/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2020-25632: A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the…
Published: 2021-03-03T17:15:00 Last Modified: 2021-12-16T20:42:00
Summary
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded, leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25632 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1879577
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2020-25647: A flaw was found in grub2 in versions prior to 2.06. During USB device initialization,…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, on the assumption that the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution, allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25647 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1886936
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2020-27749: A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-121: Stack-based Buffer Overflow
CWE Description: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-27749 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1899966
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2020-27779: A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor Secure Boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent Secure Boot protections after proper triage of grub’s memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-285: Improper Authorization
CWE Description: The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-27779 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1900698
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2021-20194: There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with…
Published: 2021-02-23T23:15:00 Last Modified: 2021-03-31T12:29:00
Summary
There is a vulnerability in Linux kernel versions higher than 5.2 (if the kernel is compiled with the config parameters CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt is registered). As a result of BPF execution, a local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow (because of non-hardened usercopy). The impact of the attack could be denial of service or possibly privilege escalation.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20194 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1912683
- https://security.netapp.com/advisory/ntap-20210326-0003/
CVE-2021-20229: A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT…
Published: 2021-02-23T18:15:00 Last Modified: 2021-06-09T15:01:00
Summary
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20229 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1925296
- https://security.netapp.com/advisory/ntap-20210326-0005/
- https://security.gentoo.org/glsa/202105-32
CVE-2021-20188: A flaw was found in podman before 1.7.0. File permissions for non-root users running in a…
Published: 2021-02-11T18:15:00 Last Modified: 2021-02-17T20:12:00
Summary
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow a direct escape from the container, though a privileged container has many security features disabled when it runs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20188 vulnerability.
References
CVE-2020-35513: A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network…
Published: 2021-01-26T18:15:00 Last Modified: 2021-02-02T19:39:00
Summary
A flaw (an incorrect umask during file or directory modification) was found in the Linux kernel NFS (network file system) functionality, in the way users create and delete objects using NFSv4.2 or newer while another process that is not using NFSv4.2 simultaneously accesses the same NFS share. A user with access to the NFS share could use this flaw to starve resources, causing a denial of service.
Common Weakness Enumeration (CWE): CWE-271: Privilege Dropping / Lowering Errors
CWE Description: The software does not drop privileges before passing control of a resource to an actor that does not have those privileges.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-35513 vulnerability.
References
- https://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297@fieldses.org/
- https://bugzilla.redhat.com/show_bug.cgi?id=1911309
CVE-2020-25657: A flaw was found in all released versions of m2crypto, where they are vulnerable to…
Published: 2021-01-12T15:15:00 Last Modified: 2021-04-07T14:58:00
Summary
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-25657 vulnerability.
References
CVE-2020-35507: There’s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34…
Published: 2021-01-04T15:15:00 Last Modified: 2021-07-10T05:15:00
Summary
There’s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-35507 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1911691
- https://security.netapp.com/advisory/ntap-20210212-0007/
- https://security.gentoo.org/glsa/202107-24
CVE-2020-27846: A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to…
Published: 2020-12-21T16:15:00 Last Modified: 2021-03-31T15:17:00
Summary
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-115: Misinterpretation of Input
CWE Description: The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27846 vulnerability.
References
- https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
- https://bugzilla.redhat.com/show_bug.cgi?id=1907670
- https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/
- https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI/
- https://security.netapp.com/advisory/ntap-20210205-0002/
CVE-2020-25712: A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo…
Published: 2020-12-15T17:15:00 Last Modified: 2020-12-16T21:42:00
Summary
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-122: Heap-based Buffer Overflow
CWE Description: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25712 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1887276
- https://lists.x.org/archives/xorg-announce/2020-December/003066.html
CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On…
Published: 2020-12-15T17:15:00 Last Modified: 2020-12-22T17:18:00
Summary
A flaw was found in the way RTAS handled memory accesses in userspace-to-kernel communication. On a locked-down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform), a root-like local user could use this flaw to further increase their privileges to those of the running kernel.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-27777 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764
- https://www.openwall.com/lists/oss-security/2020/11/23/2
- https://www.openwall.com/lists/oss-security/2020/10/09/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1900844
CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1)….
Published: 2020-12-11T19:15:00 Last Modified: 2021-07-15T19:16:00
Summary
A use-after-free flaw was found in kernel/trace/ring_buffer.c in the Linux kernel (before 5.10-rc1). A race between trace_open and a resize of the CPU buffer running in parallel on different CPUs may cause a denial of service (DoS). This flaw could even allow a local attacker with special user privileges to leak kernel information.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 7.8
- Exploitability Score: 3.4
- CVSS: 5.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-27825 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905155
- https://www.debian.org/security/2021/dsa-4843
- https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://security.netapp.com/advisory/ntap-20210521-0008/
CVE-2020-27786: A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local…
Published: 2020-12-11T05:15:00 Last Modified: 2021-07-15T19:16:00
Summary
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-27786 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d
- https://bugzilla.redhat.com/show_bug.cgi?id=1900933
- https://security.netapp.com/advisory/ntap-20210122-0002/
- http://www.openwall.com/lists/oss-security/2020/12/03/1
CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during…
Published: 2020-12-08T01:15:00 Last Modified: 2021-01-08T12:15:00
Summary
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-25692 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1894567
- https://security.netapp.com/advisory/ntap-20210108-0006/
CVE-2020-29573: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has…
Published: 2020-12-06T00:15:00 Last Modified: 2021-01-26T18:15:00
Summary
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of “Fixed for glibc 2.33” in the 26649 reference.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-29573 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=26649
- https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
- https://security.gentoo.org/glsa/202101-20
- https://security.netapp.com/advisory/ntap-20210122-0004/
CVE-2020-27773: A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted…
Published: 2020-12-04T22:15:00 Last Modified: 2021-06-02T19:07:00
Summary
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27773 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1898295
- https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html
CVE-2020-27772: A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is…
Published: 2020-12-04T22:15:00 Last Modified: 2021-06-02T19:08:00
Summary
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned int. This would most likely lead to an impact on application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27772 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1898291
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2020-27776: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file…
Published: 2020-12-04T21:15:00 Last Modified: 2021-06-02T18:57:00
Summary
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact on application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27776 vulnerability.
References
CVE-2020-27775: A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file…
Published: 2020-12-04T21:15:00 Last Modified: 2021-06-02T19:04:00
Summary
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact on application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27775 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1898300
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2020-27774: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file…
Published: 2020-12-04T21:15:00 Last Modified: 2021-04-28T16:46:00
Summary
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too-large shift for the 64-bit type ssize_t. This would most likely lead to an impact on application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27774 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1898296
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2020-27767: A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file…
Published: 2020-12-04T15:15:00 Last Modified: 2021-06-02T18:20:00
Summary
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of the types float and unsigned char. This would most likely lead to an impact on application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27767 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1894687
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2020-27765: A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file…
Published: 2020-12-04T15:15:00 Last Modified: 2021-06-02T19:16:00
Summary
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a division by zero. This would most likely lead to an impact on application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27765 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1894684
- https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html
CVE-2020-27771: In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex()…
Published: 2020-12-04T15:15:00 Last Modified: 2021-06-02T19:13:00
Summary
In RestoreMSCWarning() of /coders/pdf.c there are several places where calls to GetPixelIndex() could produce values outside the range representable by the unsigned char type. The patch casts the return value of GetPixelIndex() to the ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted PDF file. Red Hat Product Security marked this as Low severity because, although it could potentially lead to an impact on application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27771 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1898290
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2020-14339: A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the…
Published: 2020-12-03T17:15:00 Last Modified: 2021-02-09T19:59:00
Summary
A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows privileged operations to be performed against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-772: Missing Release of Resource after Effective Lifetime
CWE Description: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14339 vulnerability.
References
CVE-2020-14351: A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf…
Published: 2020-12-03T17:15:00 Last Modified: 2021-11-04T17:05:00
Summary
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem, allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14351 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1862849
- https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
CVE-2020-27778: A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote…
Published: 2020-12-03T17:15:00 Last Modified: 2020-12-07T19:30:00
Summary
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the ‘pdftohtml’ program, would crash the application causing a denial of service.
Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer
CWE Description: The program accesses or uses a pointer that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27778 vulnerability.
References
CVE-2020-27783: An XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t…
Published: 2020-12-03T17:15:00 Last Modified: 2021-07-20T23:15:00
Summary
An XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27783 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1901633
- https://www.debian.org/security/2020/dsa-4810
- https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/
- https://advisory.checkmarx.net/advisory/CX-2020-4286
- https://security.netapp.com/advisory/ntap-20210521-0003/
- https://www.oracle.com//security-alerts/cpujul2021.html
CVE-2020-14318: A flaw was found in the way samba handled file and directory permissions. An authenticated user…
Published: 2020-12-03T16:15:00 Last Modified: 2022-01-01T18:12:00
Summary
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
Common Weakness Enumeration (CWE): CWE-266: Incorrect Privilege Assignment
CWE Description: A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-14318 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1892631
- https://www.samba.org/samba/security/CVE-2020-14318.html
- https://security.gentoo.org/glsa/202012-24
CVE-2020-14383: A flaw was found in samba’s DNS server. An authenticated user could use this flaw to cause the RPC…
Published: 2020-12-02T01:15:00 Last Modified: 2021-05-05T12:57:00
Summary
A flaw was found in samba’s DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated, non-administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-14383 vulnerability.
References
- https://www.samba.org/samba/security/CVE-2020-14383.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1892636
- https://security.gentoo.org/glsa/202012-24
CVE-2020-25656: A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem…
Published: 2020-12-02T01:15:00 Last Modified: 2022-01-01T18:11:00
Summary
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem used the ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to read memory out of bounds. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25656 vulnerability.
References
- https://lkml.org/lkml/2020/10/29/528
- https://lkml.org/lkml/2020/10/16/84
- https://bugzilla.redhat.com/show_bug.cgi?id=1888726
- https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
CVE-2020-25708: A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use…
Published: 2020-11-27T18:15:00 Last Modified: 2020-12-02T19:14:00
Summary
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-25708 vulnerability.
References
CVE-2020-10763: An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive…
Published: 2020-11-24T17:15:00 Last Modified: 2020-12-02T19:16:00
Summary
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File
CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10763 vulnerability.
References
- https://github.com/heketi/heketi/releases/tag/v10.1.0
- https://bugzilla.redhat.com/show_bug.cgi?id=1845387
CVE-2020-25705: A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports….
Published: 2020-11-17T02:15:00 Last Modified: 2021-05-18T12:15:00
Summary
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass UDP source port randomization. Software that relies on UDP source port randomization is indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version
Common Weakness Enumeration (CWE): CWE-330: Use of Insufficiently Random Values
CWE Description: The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-25705 vulnerability.
References
CVE-2020-25661: A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel’s Bluetooth…
Published: 2020-11-05T21:15:00 Last Modified: 2020-11-19T15:32:00
Summary
A Red Hat-only regression of CVE-2020-12351 was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP packets with the A2MP CID. This flaw allows a remote attacker in adjacent range to crash the system, causing a denial of service, or potentially to execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)
CWE Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Scores
- Impact Score: 10.0
- Exploitability Score: 6.5
- CVSS: 8.3
- CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2020-25661 vulnerability.
References
- https://access.redhat.com/security/cve/CVE-2020-12351
- https://access.redhat.com/security/vulnerabilities/BleedingTooth
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25661
CVE-2020-25662: A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel’s Bluetooth…
Published: 2020-11-05T21:15:00 Last Modified: 2021-10-19T13:49:00
Summary
A Red Hat-only regression of CVE-2020-12352 was found in the way the Linux kernel’s Bluetooth stack implementation handled the initialization of stack memory when processing certain AMP packets. This flaw allows a remote attacker in adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-665: Improper Initialization
CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.5
- CVSS: 3.3
- CVSS Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2020-25662 vulnerability.
References
- https://access.redhat.com/security/cve/CVE-2020-12352
- https://access.redhat.com/security/vulnerabilities/BleedingTooth
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662
CVE-2020-3864: A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows…
Published: 2020-10-27T21:15:00 Last Modified: 2021-05-18T13:20:00
Summary
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error
CWE Description: The software does not properly verify that the source of data or communication is valid.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-3864 vulnerability.
References
- https://support.apple.com/en-us/HT210918
- https://support.apple.com/en-us/HT210923
- https://support.apple.com/en-us/HT210948
- https://support.apple.com/en-us/HT210947
- https://support.apple.com/en-us/HT210920
- https://support.apple.com/en-us/HT210922
CVE-2019-8846: A use after free issue was addressed with improved memory management. This issue is fixed in tvOS…
Published: 2020-10-27T21:15:00 Last Modified: 2021-05-18T13:20:00
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8846 vulnerability.
References
- https://support.apple.com/en-us/HT210790
- https://support.apple.com/en-us/HT210793
- https://support.apple.com/en-us/HT210792
- https://support.apple.com/en-us/HT210795
- https://support.apple.com/en-us/HT210794
- https://support.apple.com/en-us/HT210785
CVE-2019-8844: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2020-10-27T20:15:00 Last Modified: 2021-05-18T13:19:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8844 vulnerability.
References
- https://support.apple.com/en-us/HT210790
- https://support.apple.com/en-us/HT210793
- https://support.apple.com/en-us/HT210792
- https://support.apple.com/en-us/HT210789
- https://support.apple.com/en-us/HT210795
- https://support.apple.com/en-us/HT210794
- https://support.apple.com/en-us/HT210785
CVE-2019-8835: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2020-10-27T20:15:00 Last Modified: 2021-05-18T13:19:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8835 vulnerability.
References
- https://support.apple.com/en-us/HT210790
- https://support.apple.com/en-us/HT210793
- https://support.apple.com/en-us/HT210792
- https://support.apple.com/en-us/HT210795
- https://support.apple.com/en-us/HT210794
- https://support.apple.com/en-us/HT210785
CVE-2020-25648: A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw…
Published: 2020-10-20T22:15:00 Last Modified: 2021-12-07T19:58:00
Summary
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-25648 vulnerability.
References
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
- https://bugzilla.redhat.com/show_bug.cgi?id=1887319
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPOLN6DJUYQ3QBQEGLZGV73SNIPK7GHV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRM53IQCPZT2US3M7JXTP6I6IBA5RGOD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN/
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
CVE-2020-14355: Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the…
Published: 2020-10-07T15:15:00 Last Modified: 2020-12-04T18:15:00
Summary
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-14355 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1868435
- https://www.openwall.com/lists/oss-security/2020/10/06/10
- https://www.debian.org/security/2020/dsa-4771
- https://usn.ubuntu.com/4572-1/
- https://usn.ubuntu.com/4572-2/
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html
- https://lists.debian.org/debian-lts-announce/2020/11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00001.html
- https://lists.debian.org/debian-lts-announce/2020/11/msg00001.html
CVE-2020-25743: hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a…
Published: 2020-10-06T15:15:00 Last Modified: 2020-10-07T13:31:00
Summary
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25743 vulnerability.
References
- https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1b
- https://bugzilla.redhat.com/show_bug.cgi?id=1881409
- http://www.openwall.com/lists/oss-security/2020/09/29/1
- https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05967.html
CVE-2020-25637: A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0,…
Published: 2020-10-06T14:15:00 Last Modified: 2020-12-04T18:15:00
Summary
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, in the code responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-415: Double Free
CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25637 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1881037
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html
CVE-2020-25643: A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory…
Published: 2020-10-06T14:15:00 Last Modified: 2021-10-19T13:45:00
Summary
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 8.5
- Exploitability Score: 6.8
- CVSS: 7.5
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-25643 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105
- https://bugzilla.redhat.com/show_bug.cgi?id=1879981
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
- https://www.debian.org/security/2020/dsa-4774
- https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://security.netapp.com/advisory/ntap-20201103-0002/
CVE-2020-25641: A flaw was found in the Linux kernel’s implementation of biovecs in versions before 5.9-rc7. A…
Published: 2020-10-06T14:15:00 Last Modified: 2020-12-04T18:15:00
Summary
A flaw was found in the Linux kernel’s implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25641 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124
- https://www.kernel.org/doc/html/latest/block/biovecs.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1881424
- http://www.openwall.com/lists/oss-security/2020/10/06/9
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
- https://usn.ubuntu.com/4576-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
CVE-2020-14370: An information disclosure vulnerability was found in containers/podman in versions before 2.0.5….
Published: 2020-09-23T13:15:00 Last Modified: 2021-11-04T16:36:00
Summary
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
Common Weakness Enumeration (CWE): CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
CWE Description: The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-14370 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1874268
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6BPCZX4ASKNONL3MSCK564IVXNYSKLP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y74V7HGQBNLT6XECCSNZNFZIB7G7XSAR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4Y2FSGQWP4AFT5AZ6UBN6RKHVXUBRFV/
CVE-2020-14382: A vulnerability was found in upstream release cryptsetup-2.2.0 where, there’s a bug in LUKS2…
Published: 2020-09-16T15:15:00 Last Modified: 2022-01-01T18:39:00
Summary
A vulnerability was found in upstream release cryptsetup-2.2.0 where there is a bug in the LUKS2 format validation code that is effectively invoked on every device/image presenting itself as a LUKS2 container. The bug is in the segments validation code in file ’lib/luks2/luks2_json_metadata.c’ in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj), where the code does not check for possible overflow on the memory allocation used for the intervals array (see statement “intervals = malloc(first_backup * sizeof(*intervals));”). Due to the bug, the library can be tricked into expecting that such an allocation was successful but for far less memory than originally expected. Later it may read data FROM an image crafted by an attacker and actually write such data BEYOND the allocated memory.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-14382 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1874712
- https://usn.ubuntu.com/4493-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OJTQ4KSVCW2NMSU5WFVPOHY46WMNF4OB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TD6YSD63LLRRC4WQ7DJLSXWNUCY6FWBM/
CVE-2020-10759: A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the…
Published: 2020-09-15T19:15:00 Last Modified: 2020-09-22T16:51:00
Summary
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature
CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.4
- CVSS: 3.3
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10759 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1844316
- https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md
CVE-2020-14331: A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles…
Published: 2020-09-15T19:15:00 Last Modified: 2021-01-13T14:35:00
Summary
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14331 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1858679
- https://lists.openwall.net/linux-kernel/2020/07/29/234
- https://www.openwall.com/lists/oss-security/2020/07/28/2
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
CVE-2020-0570: Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an…
Published: 2020-09-14T19:15:00 Last Modified: 2021-09-21T17:58:00
Summary
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
Common Weakness Enumeration (CWE): CWE-426: Untrusted Search Path
CWE Description: The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application’s direct control.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-0570 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1800604
- https://lists.qt-project.org/pipermail/development/2020-January/038534.html
- https://bugreports.qt.io/browse/QTBUG-81272
CVE-2020-1749: A flaw was found in the Linux kernel’s implementation of some networking protocols in IPsec, such…
Published: 2020-09-09T15:15:00 Last Modified: 2021-07-15T19:16:00
Summary
A flaw was found in the Linux kernel’s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel does not correctly route tunneled data over the encrypted link, but instead sends the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-319: Cleartext Transmission of Sensitive Information
CWE Description: The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-1749 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749
- https://security.netapp.com/advisory/ntap-20201222-0001/
CVE-2020-14373: A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local…
Published: 2020-09-03T18:15:00 Last Modified: 2020-09-10T14:46:00
Summary
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14373 vulnerability.
References
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ece5cbbd9979cd35737b00e68267762d72feb2ea;hp=1ef5f08f2c2e27efa978f0010669ff22355c385f
- https://bugzilla.redhat.com/show_bug.cgi?id=1873239
- https://bugs.ghostscript.com/show_bug.cgi?id=702851
CVE-2020-14364: An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions…
Published: 2020-08-31T18:15:00 Last Modified: 2020-11-11T06:15:00
Summary
An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice ‘setup_len’ exceeds its ‘data_buf[4096]’ in the do_token_in and do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14364 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2020/08/24/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1869201
- https://www.openwall.com/lists/oss-security/2020/08/24/3
- https://www.debian.org/security/2020/dsa-4760
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/
- https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/
- https://usn.ubuntu.com/4511-1/
- https://security.netapp.com/advisory/ntap-20200924-0006/
- https://security.gentoo.org/glsa/202009-14
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html
- https://security.gentoo.org/glsa/202011-09
CVE-2020-14356: A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10…
Published: 2020-08-19T15:15:00 Last Modified: 2020-11-02T21:15:00
Summary
A NULL pointer dereference flaw in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way the system is rebooted. A local user could use this flaw to crash the system or escalate their privileges on the system.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14356 vulnerability.
References
- https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/
- https://bugzilla.redhat.com/show_bug.cgi?id=1868453
- https://bugzilla.kernel.org/show_bug.cgi?id=208003
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
- https://security.netapp.com/advisory/ntap-20200904-0002/
- https://usn.ubuntu.com/4484-1/
- https://usn.ubuntu.com/4483-1/
- https://usn.ubuntu.com/4526-1/
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
CVE-2020-14311: There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A…
Published: 2020-07-31T22:15:00 Last Modified: 2021-10-19T13:23:00
Summary
There is an issue in grub2 before version 2.06 while handling symlinks on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow.
Common Weakness Enumeration (CWE): CWE-122: Heap-based Buffer Overflow
CWE Description: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14311 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14311
- https://usn.ubuntu.com/4432-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
- https://security.gentoo.org/glsa/202104-05
- http://www.openwall.com/lists/oss-security/2021/09/17/2
- http://www.openwall.com/lists/oss-security/2021/09/17/4
- http://www.openwall.com/lists/oss-security/2021/09/21/1
CVE-2020-14310: There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a…
Published: 2020-07-31T22:15:00 Last Modified: 2021-10-19T13:19:00
Summary
There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes in length, but it does not verify this before proceeding with the buffer allocation used to read the value from the font file. An attacker may leverage that by crafting a malicious font file whose name has a length of UINT32_MAX, leading read_section_as_string() to an arithmetic overflow, a zero-sized allocation and a further heap-based buffer overflow.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14310 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14310
- https://usn.ubuntu.com/4432-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
- https://security.gentoo.org/glsa/202104-05
CVE-2020-15706: GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free…
Published: 2020-07-29T18:15:00 Last Modified: 2021-05-01T02:15:00
Summary
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-15706 vulnerability.
References
- https://www.suse.com/support/kb/doc/?id=000019673
- http://ubuntu.com/security/notices/USN-4432-1
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
- https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
- https://access.redhat.com/security/vulnerabilities/grub2bootloader
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
- https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
- https://www.openwall.com/lists/oss-security/2020/07/29/3
- https://www.debian.org/security/2020/dsa-4735
- http://www.openwall.com/lists/oss-security/2020/07/29/3
- https://security.netapp.com/advisory/ntap-20200731-0008/
- https://usn.ubuntu.com/4432-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
- https://security.gentoo.org/glsa/202104-05
CVE-2020-15705: GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot…
Published: 2020-07-29T18:15:00 Last Modified: 2021-09-21T12:15:00
Summary
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature
CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-15705 vulnerability.
References
- https://www.suse.com/support/kb/doc/?id=000019673
- http://ubuntu.com/security/notices/USN-4432-1
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
- https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
- https://access.redhat.com/security/vulnerabilities/grub2bootloader
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
- https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
- https://www.openwall.com/lists/oss-security/2020/07/29/3
- http://www.openwall.com/lists/oss-security/2020/07/29/3
- https://security.netapp.com/advisory/ntap-20200731-0008/
- https://usn.ubuntu.com/4432-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html
- http://www.openwall.com/lists/oss-security/2021/03/02/3
- https://security.gentoo.org/glsa/202104-05
- http://www.openwall.com/lists/oss-security/2021/09/17/2
- http://www.openwall.com/lists/oss-security/2021/09/17/4
- http://www.openwall.com/lists/oss-security/2021/09/21/1
CVE-2020-15707: Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the…
Published: 2020-07-29T18:15:00 Last Modified: 2021-09-13T14:25:00
Summary
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-15707 vulnerability.
References
- https://www.suse.com/support/kb/doc/?id=000019673
- http://ubuntu.com/security/notices/USN-4432-1
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
- https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
- https://access.redhat.com/security/vulnerabilities/grub2bootloader
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
- https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
- https://www.openwall.com/lists/oss-security/2020/07/29/3
- https://www.debian.org/security/2020/dsa-4735
- http://www.openwall.com/lists/oss-security/2020/07/29/3
- https://security.netapp.com/advisory/ntap-20200731-0008/
- https://usn.ubuntu.com/4432-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
- https://security.gentoo.org/glsa/202104-05
CVE-2020-15719: libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the…
Published: 2020-07-14T14:15:00 Last Modified: 2021-07-31T08:15:00
Summary
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.
Scores
- Impact Score: 4.9
- Exploitability Score: 4.9
- CVSS: 4.0
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-15719 vulnerability.
References
- https://access.redhat.com/errata/RHBA-2019:3674
- https://bugzilla.redhat.com/show_bug.cgi?id=1740070
- https://bugs.openldap.org/show_bug.cgi?id=9266
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
CVE-2020-14300: The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise…
Published: 2020-07-13T22:15:00 Last Modified: 2020-07-21T19:32:00
Summary
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, which was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). CVE-2020-14300 was assigned to this security regression, and it is specific to the docker packages produced by Red Hat. The original issue, CVE-2016-9962, could possibly allow a process inside a container to compromise a process entering the container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or of other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected.
Common Weakness Enumeration (CWE): CWE-273: Improper Check for Dropped Privileges
CWE Description: The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14300 vulnerability.
References
- https://access.redhat.com/security/vulnerabilities/cve-2016-9962
- https://access.redhat.com/errata/RHBA-2020:0427
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9962
- https://access.redhat.com/security/cve/CVE-2016-9962
CVE-2020-14298: The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053…
Published: 2020-07-13T21:15:00 Last Modified: 2020-07-21T18:08:00
Summary
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.
Common Weakness Enumeration (CWE): CWE-273: Improper Check for Dropped Privileges
CWE Description: The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14298 vulnerability.
References
- https://access.redhat.com/security/vulnerabilities/runcescape
- https://access.redhat.com/security/cve/CVE-2020-14298
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-5736
- https://access.redhat.com/errata/RHBA-2020:0427
CVE-2019-19338: A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5…
Published: 2020-07-13T17:15:00 Last Modified: 2020-07-21T17:17:00
Summary
A flaw was found in the fix for CVE-2019-11135, in Linux upstream kernel versions before 5.5, in the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest runs on a host CPU that is affected by the TAA flaw (TAA_NO=0) but is not affected by the MDS issue (MDS_NO=1), the guest was expected to clear the affected buffers by using the VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that the host has ‘TSX’ enabled. Confidentiality of data is the highest threat associated with this vulnerability.
Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy
CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-19338 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2019/12/10/3
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338
- https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
CVE-2020-10756: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU…
Published: 2020-07-09T16:15:00 Last Modified: 2021-08-04T17:14:00
Summary
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10756 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1835986
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html
- https://www.debian.org/security/2020/dsa-4728
- https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
- https://usn.ubuntu.com/4437-1/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1005/
- https://usn.ubuntu.com/4467-1/
- https://security.netapp.com/advisory/ntap-20201001-0001/
CVE-2020-10769: A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys…
Published: 2020-06-26T16:15:00 Last Modified: 2021-06-14T18:15:00
Summary
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec cryptographic algorithm’s module, authenc. When a payload is longer than 4 bytes and does not follow the 4-byte alignment boundary guidelines, it causes a buffer over-read, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10769 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1708775
- https://lkml.org/lkml/2019/1/21/675
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
CVE-2020-10757: A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge…
Published: 2020-06-09T13:15:00 Last Modified: 2021-07-21T11:39:00
Summary
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)
CWE Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10757 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1842525
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9
- https://www.openwall.com/lists/oss-security/2020/06/04/4
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://www.debian.org/security/2020/dsa-4699
- https://www.debian.org/security/2020/dsa-4698
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
- https://security.netapp.com/advisory/ntap-20200702-0004/
- https://usn.ubuntu.com/4439-1/
- https://usn.ubuntu.com/4426-1/
- https://usn.ubuntu.com/4440-1/
- https://usn.ubuntu.com/4483-1/
CVE-2020-10761: An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions…
Published: 2020-06-09T13:15:00 Last Modified: 2020-11-11T06:15:00
Summary
An assertion failure issue was found in the Network Block Device (NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of the maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server, resulting in a denial of service.
Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion
CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-10761 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761
- https://www.openwall.com/lists/oss-security/2020/06/09/1
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html
- https://security.netapp.com/advisory/ntap-20200731-0001/
- https://usn.ubuntu.com/4467-1/
- https://security.gentoo.org/glsa/202011-09
CVE-2020-10749: A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6,…
Published: 2020-06-03T14:15:00 Last Modified: 2021-05-05T13:57:00
Summary
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
Scores
- Impact Score: 6.4
- Exploitability Score: 6.8
- CVSS: 6.0
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-10749 vulnerability.
References
- https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/
CVE-2020-10751: A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where…
Published: 2020-05-26T15:15:00 Last Modified: 2021-06-14T18:15:00
Summary
A flaw was found in the Linux kernel’s SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly validate only the first netlink message in the skb and then allow or deny the rest of the messages within the skb with the granted permission, without further processing.
Common Weakness Enumeration (CWE): CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data
CWE Description: The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10751 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751
- https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6
- https://www.openwall.com/lists/oss-security/2020/04/30/5
- http://www.openwall.com/lists/oss-security/2020/05/27/3
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://www.debian.org/security/2020/dsa-4699
- https://www.debian.org/security/2020/dsa-4698
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
- https://usn.ubuntu.com/4389-1/
- https://usn.ubuntu.com/4390-1/
- https://usn.ubuntu.com/4391-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
- https://usn.ubuntu.com/4413-1/
- https://usn.ubuntu.com/4412-1/
- https://www.oracle.com/security-alerts/cpuApr2021.html
CVE-2020-10711: A NULL pointer dereference flaw was found in the Linux kernel’s SELinux subsystem in versions…
Published: 2020-05-22T15:15:00 Last Modified: 2021-08-04T17:14:00
Summary
A NULL pointer dereference flaw was found in the Linux kernel’s SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol’s category bitmap into the SELinux extensible bitmap via the ‘ebitmap_netlbl_import’ routine. While processing the CIPSO restricted bitmap tag in the ‘cipso_v4_parsetag_rbm’ routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This leads to a NULL pointer dereference while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-10711 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711
- https://www.openwall.com/lists/oss-security/2020/05/12/2
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://www.debian.org/security/2020/dsa-4699
- https://www.debian.org/security/2020/dsa-4698
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
- https://usn.ubuntu.com/4413-1/
- https://usn.ubuntu.com/4411-1/
- https://usn.ubuntu.com/4412-1/
- https://usn.ubuntu.com/4419-1/
- https://usn.ubuntu.com/4414-1/
CVE-2020-12826: A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka…
Published: 2020-05-12T19:15:00 Last Modified: 2021-07-15T19:16:00
Summary
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-12826 vulnerability.
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5
- https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef
- https://www.openwall.com/lists/kernel-hardening/2020/03/25/1
- https://lists.openwall.net/linux-kernel/2020/03/24/1803
- https://bugzilla.redhat.com/show_bug.cgi?id=1822077
- https://usn.ubuntu.com/4367-1/
- https://usn.ubuntu.com/4369-1/
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://usn.ubuntu.com/4391-1/
CVE-2020-10690: There is a use-after-free in kernel versions before 5.5 due to a race condition between the…
Published: 2020-05-08T15:15:00 Last Modified: 2021-12-20T23:03:00
Summary
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a (highly privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep, and the underlying device is removed during that time, an exploitable condition can arise as the process wakes up to terminate and clean up all attached files. The system crashes because the cdev structure pointed to by the inode is invalid (already freed).
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10690 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
- https://usn.ubuntu.com/4419-1/
CVE-2020-12458: An information-disclosure flaw was found in Grafana through 6.7.3. The database directory…
Published: 2020-04-29T16:15:00 Last Modified: 2021-07-21T11:39:00
Summary
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-12458 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1827765
- https://github.com/grafana/grafana/issues/8283
- https://access.redhat.com/security/cve/CVE-2020-12458
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/
- https://security.netapp.com/advisory/ntap-20200518-0001/
CVE-2020-12430: An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0…
Published: 2020-04-28T20:15:00 Last Modified: 2020-06-16T03:15:00
Summary
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-12430 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1804548
- https://bugzilla.redhat.com/show_bug.cgi?id=1828190
- https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581
- https://security.netapp.com/advisory/ntap-20200518-0003/
- https://usn.ubuntu.com/4371-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
CVE-2020-1722: A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>=…
Published: 2020-04-27T21:15:00 Last Modified: 2020-05-26T15:12:00
Summary
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 6.9
- Exploitability Score: 4.9
- CVSS: 5.4
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-1722 vulnerability.
References
CVE-2020-1751: An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal…
Published: 2020-04-17T19:15:00 Last Modified: 2020-07-09T20:15:00
Summary
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 8.5
- Exploitability Score: 3.4
- CVSS: 5.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1751 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751
- https://sourceware.org/bugzilla/show_bug.cgi?id=25423
- https://security.netapp.com/advisory/ntap-20200430-0002/
- https://security.gentoo.org/glsa/202006-04
- https://usn.ubuntu.com/4416-1/
CVE-2020-11868: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block…
Published: 2020-04-17T04:15:00 Last Modified: 2021-07-21T11:39:00
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error
CWE Description: The software does not properly verify that the source of data or communication is valid.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-11868 vulnerability.
References
- http://support.ntp.org/bin/view/Main/NtpBug3592
- https://bugzilla.redhat.com/show_bug.cgi?id=1716665
- https://security.netapp.com/advisory/ntap-20200424-0002/
- https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
- https://security.gentoo.org/glsa/202007-12
- https://www.oracle.com//security-alerts/cpujul2021.html
CVE-2020-1730: A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR…
Published: 2020-04-13T19:15:00 Last Modified: 2021-09-14T13:39:00
Summary
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn’t been fully initialized and the system tries to clean up the ciphers when closing the connection. The biggest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-1730 vulnerability.
References
- https://www.libssh.org/security/advisories/CVE-2020-1730.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/
- https://usn.ubuntu.com/4327-1/
- https://security.netapp.com/advisory/ntap-20200424-0001/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/
- https://www.oracle.com/security-alerts/cpuoct2020.html
CVE-2020-11669: An issue was discovered in the Linux kernel before 5.2 on the powerpc platform….
Published: 2020-04-10T15:15:00 Last Modified: 2020-05-28T15:15:00
Summary
An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-11669 vulnerability.
References
- https://github.com/torvalds/linux/commit/53a712bae5dd919521a58d7bad773b949358add0
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=53a712bae5dd919521a58d7bad773b949358add0
- https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208660.html
- https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208661.html
- https://access.redhat.com/errata/RHSA-2019:3517
- https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208663.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html
- https://security.netapp.com/advisory/ntap-20200430-0001/
- https://usn.ubuntu.com/4368-1/
- https://usn.ubuntu.com/4363-1/
CVE-2020-2732: A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2…
Published: 2020-04-08T22:15:00 Last Modified: 2020-06-10T20:15:00
Summary
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources that should be inaccessible to the L2 guest.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 4.4
- CVSS: 2.3
- CVSS Vector: AV:A/AC:M/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2020-2732 vulnerability.
References
- https://www.spinics.net/lists/kvm/msg208259.html
- https://linux.oracle.com/errata/ELSA-2020-5540.html
- https://linux.oracle.com/errata/ELSA-2020-5542.html
- https://www.openwall.com/lists/oss-security/2020/02/25/3
- https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
- https://bugzilla.redhat.com/show_bug.cgi?id=1805135
- https://linux.oracle.com/errata/ELSA-2020-5543.html
- https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
- https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d
- https://www.debian.org/security/2020/dsa-4667
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://www.debian.org/security/2020/dsa-4698
CVE-2020-10696: A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an…
Published: 2020-03-31T22:15:00 Last Modified: 2020-04-01T13:18:00
Summary
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user’s system anywhere that the user has permissions.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-10696 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696
- https://github.com/containers/buildah/pull/2245
- https://access.redhat.com/security/cve/cve-2020-10696
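Added example (not Buildah's code, and not taken from this page): the containment check a tool should apply when it unpacks a build context fetched from an untrusted HTTP(S) server, which is the class of bug described above. Archive entries, file names and the destination directory are constructed for the demo.

```python
"""Added example, not Buildah's code: the containment check you want when
unpacking a build context fetched from an untrusted HTTP(S) server, the bug
class of CVE-2020-10696.  Each archive member is resolved against the
destination before it is written and rejected if it would land outside
(".." segments, absolute names, or a link whose target escapes).  The archive
contents and the destination directory below are constructed for the demo."""
import io
import os
import tarfile
import tempfile


class UnsafeArchiveMember(Exception):
    """Raised for a member that would write outside the destination."""


def _resolve(dest: str, name: str) -> str:
    """Return the real filesystem path `name` maps to under `dest`, or raise
    if it escapes.  realpath() follows symlinks that already exist in `dest`,
    so a link planted by an earlier member is caught when a later member
    tries to write through it."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise UnsafeArchiveMember(name)
    return target


def check_member(dest: str, member: tarfile.TarInfo) -> None:
    """Reject absolute names outright (no silent re-rooting), then check the
    member path and, for links, the link target as the kernel would resolve
    it: symlink targets relative to the link's directory, hard-link targets
    relative to the archive root."""
    if os.path.isabs(member.name):
        raise UnsafeArchiveMember(member.name)
    _resolve(dest, member.name)
    if member.issym():
        _resolve(dest, os.path.join(os.path.dirname(member.name), member.linkname))
    elif member.islnk():
        _resolve(dest, member.linkname)


def safe_extract(archive: bytes, dest: str) -> list:
    """Unpack `archive` into `dest`, checking every member against the
    filesystem as it stands after the previous members were written.  The
    first unsafe member aborts the whole extraction."""
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar:
            check_member(dest, member)
            tar.extract(member, dest, set_attrs=False)
            extracted.append(member.name)
    return extracted


def make_archive(entries) -> bytes:
    """Build an in-memory tar from ("file", name, data) and
    ("symlink", name, target) tuples (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for kind, name, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
    return buf.getvalue()


def demo() -> dict:
    """Run a benign archive and three hostile ones against a scratch directory
    and report what happened to each."""
    results = {}
    with tempfile.TemporaryDirectory() as dest:
        benign = make_archive([("file", "Dockerfile", b"FROM scratch\n"),
                               ("file", "app/main.py", b"print('hi')\n")])
        results["benign"] = safe_extract(benign, dest)
        hostile = {
            "dotdot": [("file", "Dockerfile", b""), ("file", "../../evil", b"x")],
            "symlink": [("symlink", "out", "../escape"), ("file", "out/pwned", b"x")],
            "absolute": [("file", "/etc/cron.d/job", b"x")],
        }
        for label, entries in hostile.items():
            try:
                safe_extract(make_archive(entries), dest)
                results[label] = "extracted"
            except UnsafeArchiveMember as exc:
                results[label] = "rejected: " + str(exc)
    return results
```

Checking each member against the live destination just before it is written, rather than validating the whole listing up front, is what lets realpath() see a symlink planted by an earlier entry; validating first and extracting afterwards reopens that window. Rejecting the whole archive on the first bad entry is the right default for a build context, since a partially applied context is not something you want to build from.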
CVE-2020-1712: A heap use-after-free vulnerability was found in systemd before version v245-rc1, where…
Published: 2020-03-31T17:15:00 Last Modified: 2022-01-28T21:24:00
Summary
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-1712 vulnerability.
References
- https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2
- https://www.openwall.com/lists/oss-security/2020/02/05/1
- https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712
- https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
- https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d
CVE-2019-10179: A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA)…
Published: 2020-03-20T15:15:00 Last Modified: 2020-03-25T14:15:00
Summary
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10179 vulnerability.
References
CVE-2019-10221: A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where…
Published: 2020-03-20T15:15:00 Last Modified: 2020-03-25T14:09:00
Summary
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, in the pki-ca module of the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link that executes arbitrary script in the user’s browser.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10221 vulnerability.
References
CVE-2019-10146: A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the…
Published: 2020-03-18T15:15:00 Last Modified: 2020-03-20T17:29:00
Summary
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions of the pki-core server, because the CA Agent Service did not properly sanitize the certificate request page. An attacker could inject a specially crafted value that is executed in the victim’s browser.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10146 vulnerability.
References
CVE-2020-1720: A flaw was found in PostgreSQL’s “ALTER … DEPENDS ON EXTENSION”, where sub-commands did not…
Published: 2020-03-17T16:15:00 Last Modified: 2020-10-15T13:28:00
Summary
A flaw was found in PostgreSQL’s “ALTER … DEPENDS ON EXTENSION”, where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions and triggers, leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.8
- CVSS: 3.5
- CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-1720 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1720
- https://www.postgresql.org/about/news/2011/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
CVE-2020-10531: An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An…
Published: 2020-03-12T19:15:00 Last Modified: 2021-07-21T11:39:00
Summary
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-10531 vulnerability.
References
- https://github.com/unicode-org/icu/pull/971
- https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08
- https://unicode-org.atlassian.net/browse/ICU-20958
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
- https://bugs.chromium.org/p/chromium/issues/detail?id=1044570
- https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
- https://access.redhat.com/errata/RHSA-2020:0738
- https://security.gentoo.org/glsa/202003-15
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
- https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html
- https://www.debian.org/security/2020/dsa-4646
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
- https://usn.ubuntu.com/4305-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
CVE-2014-4650: The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL…
Published: 2020-02-20T17:15:00 Last Modified: 2020-02-26T13:49:00
Summary
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2014-4650 vulnerability.
References
- http://bugs.python.org/issue21766
- http://openwall.com/lists/oss-security/2014/06/26/3
- https://access.redhat.com/security/cve/cve-2014-4650
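Added example (not CPython's code): a model of how CGIHTTPServer decided whether a request named a CGI script, with the pre-fix and post-fix behaviour side by side. The CGI directory list and the document root are assumed values for the demo.

```python
"""Added example, not CPython's code: a model of CGIHTTPServer's request
dispatch behind CVE-2014-4650.  Before the fix, is_cgi() inspected the request
path while it was still percent-encoded, so "/cgi-bin%2fhello.py" did not match
a CGI directory and fell through to the static-file handler, which does decode
%2f and so served the script source instead of running it.  The fix decodes the
path before the directory check.  The directory list and the document root are
illustrative values for this demo."""
from urllib.parse import unquote, urlsplit
import posixpath

CGI_DIRECTORIES = ("/cgi-bin", "/htbin")   # assumed defaults for the demo


def collapse_path(path: str, decode: bool) -> str:
    """Drop the query string, optionally decode %XX escapes, and normalise
    "." and ".." segments.  Climbing above the root is rejected rather than
    resolved."""
    path = urlsplit(path).path
    if decode:
        path = unquote(path)
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                raise ValueError("path escapes document root: %r" % path)
            parts.pop()
        else:
            parts.append(seg)
    return "/" + "/".join(parts)


def split_cgi(collapsed: str):
    """Split a collapsed path into (first directory, remainder)."""
    dir_sep = collapsed.find("/", 1)
    if dir_sep == -1:
        return collapsed, ""
    return collapsed[:dir_sep], collapsed[dir_sep + 1:]


def is_cgi(path: str, decode: bool):
    """decode=False is the pre-fix check (sees "%2f" as ordinary characters);
    decode=True is the fixed check.  Returns (cgi_dir, script) or None."""
    head, tail = split_cgi(collapse_path(path, decode))
    return (head, tail) if head in CGI_DIRECTORIES else None


def static_target(path: str, root: str) -> str:
    """What the static handler does with anything is_cgi() declined: decode,
    normalise, join under the document root and serve that file's bytes."""
    return posixpath.join(root, collapse_path(path, decode=True).lstrip("/"))


def dispatch(path: str, root: str, fixed: bool):
    """Return ("cgi", directory, script) or ("static", filesystem path)."""
    info = is_cgi(path, decode=fixed)
    if info:
        return ("cgi",) + info
    return ("static", static_target(path, root))
```

dispatch("/cgi-bin%2fhello.py", "/srv/www", fixed=False) returns ("static", "/srv/www/cgi-bin/hello.py"): the pre-fix check declines the request, and the static handler then decodes the very same path and serves the script body. With fixed=True the same request is classified as ("cgi", "/cgi-bin", "hello.py"). The general rule is that any check gating on path structure must run on the same decoded form the later file-system access uses.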
CVE-2014-8089: SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before…
Published: 2020-02-17T22:15:00 Last Modified: 2020-02-20T15:04:00
Summary
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-8089 vulnerability.
References
- http://www.securityfocus.com/bid/70011
- https://bugzilla.redhat.com/show_bug.cgi?id=1151277
- http://framework.zend.com/security/advisory/ZF2014-06
- http://seclists.org/oss-sec/2014/q4/276
CVE-2020-3757: Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and…
Published: 2020-02-13T16:15:00 Last Modified: 2021-09-16T13:16:00
Summary
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)
CWE Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-3757 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb20-06.html
- https://access.redhat.com/errata/RHSA-2020:0513
- https://security.gentoo.org/glsa/202003-61
CVE-2020-1711: An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU…
Published: 2020-02-11T20:15:00 Last Modified: 2021-08-04T17:14:00
Summary
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Block Address (LBA) in the iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service, or potentially execute arbitrary code with the privileges of the QEMU process on the host.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 6.8
- CVSS: 6.0
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-1711 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711
- https://www.openwall.com/lists/oss-security/2020/01/23/3
- https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
- https://usn.ubuntu.com/4283-1/
- https://access.redhat.com/errata/RHSA-2020:0669
- https://access.redhat.com/errata/RHSA-2020:0730
- https://access.redhat.com/errata/RHSA-2020:0731
- https://access.redhat.com/errata/RHSA-2020:0773
- https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
- https://security.gentoo.org/glsa/202005-02
- https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html
CVE-2020-1726: A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite…
Published: 2020-02-11T20:15:00 Last Modified: 2020-09-28T15:15:00
Summary
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume. This issue was introduced in version 1.6.0.
Common Weakness Enumeration (CWE): CWE-552: Files or Directories Accessible to External Parties
CWE Description: The product makes files or directories accessible to unauthorized actors, even though they should not be.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-1726 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726
- https://access.redhat.com/errata/RHSA-2020:0680
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html
CVE-2009-4067: Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux…
Published: 2020-02-11T19:15:00 Last Modified: 2020-02-12T21:42:00
Summary
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2009-4067 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=722393
- http://labs.mwrinfosecurity.com/files/Advisories/mwri_linux-usb-buffer-overflow_2009-10-29.pdf
CVE-2013-4535: The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers…
Published: 2020-02-11T16:15:00 Last Modified: 2020-02-13T00:25:00
Summary
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, related to virtio-block or virtio-serial read.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2013-4535 vulnerability.
References
- http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4
- http://rhn.redhat.com/errata/RHSA-2014-0744.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1066401
- http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
- http://rhn.redhat.com/errata/RHSA-2014-0743.html
CVE-2020-6402: Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87…
Published: 2020-02-11T15:15:00 Last Modified: 2021-09-16T13:16:00
Summary
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-6402 vulnerability.
References
- https://crbug.com/1029375
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
- https://access.redhat.com/errata/RHSA-2020:0514
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
- https://www.debian.org/security/2020/dsa-4638
- https://security.gentoo.org/glsa/202003-08
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
CVE-2012-4512: The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to…
Published: 2020-02-08T19:15:00 Last Modified: 2020-02-14T16:39:00
Summary
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to “type confusion.”
Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)
CWE Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2012-4512 vulnerability.
References
- http://secunia.com/advisories/51097
- http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html
- http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352
- http://rhn.redhat.com/errata/RHSA-2012-1418.html
- http://www.openwall.com/lists/oss-security/2012/10/11/11
- http://www.securitytracker.com/id?1027709
- http://www.openwall.com/lists/oss-security/2012/10/30/6
- http://rhn.redhat.com/errata/RHSA-2012-1416.html
- http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html
- http://secunia.com/advisories/51145
CVE-2015-5741: The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP…
Published: 2020-02-08T19:15:00 Last Modified: 2021-08-04T17:15:00
Summary
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)
CWE Description: When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2015-5741 vulnerability.
References
- https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
- http://seclists.org/oss-sec/2015/q3/292
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1250352
- http://seclists.org/oss-sec/2015/q3/237
- http://seclists.org/oss-sec/2015/q3/294
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html
CVE-2019-15606: Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of…
Published: 2020-02-07T15:15:00 Last Modified: 2021-07-20T23:15:00
Summary
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-15606 vulnerability.
References
- https://nodejs.org/en/blog/release/v13.8.0/
- https://hackerone.com/reports/730779
- https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
- https://nodejs.org/en/blog/release/v10.19.0/
- https://nodejs.org/en/blog/release/v12.15.0/
- https://access.redhat.com/errata/RHSA-2020:0573
- https://security.netapp.com/advisory/ntap-20200221-0004/
- https://access.redhat.com/errata/RHSA-2020:0579
- https://access.redhat.com/errata/RHSA-2020:0598
- https://access.redhat.com/errata/RHSA-2020:0597
- https://access.redhat.com/errata/RHSA-2020:0602
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
- https://security.gentoo.org/glsa/202003-48
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.debian.org/security/2020/dsa-4669
- https://www.oracle.com//security-alerts/cpujul2021.html
CVE-2013-4166: The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and…
Published: 2020-02-06T15:15:00 Last Modified: 2020-02-10T18:47:00
Summary
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2013-4166 vulnerability.
References
- http://rhn.redhat.com/errata/RHSA-2013-1540.html
- https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d
- https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5
- https://bugzilla.redhat.com/show_bug.cgi?id=973728
- http://seclists.org/oss-sec/2013/q3/191
CVE-2014-8141: Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows…
Published: 2020-01-31T23:15:00 Last Modified: 2020-02-05T21:26:00
Summary
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-8141 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1174856
- http://www.securitytracker.com/id/1031433
- http://www.ocert.org/advisories/ocert-2014-011.html
- https://access.redhat.com/errata/RHSA-2015:0700
CVE-2015-6815: The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process…
Published: 2020-01-31T22:15:00 Last Modified: 2021-11-30T19:50:00
Summary
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 2.9
- Exploitability Score: 5.1
- CVSS: 2.7
- CVSS Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2015-6815 vulnerability.
References
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html
- http://www.openwall.com/lists/oss-security/2015/09/04/4
- https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
- https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
- http://www.ubuntu.com/usn/USN-2745-1
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
- http://www.openwall.com/lists/oss-security/2015/09/05/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1260076
- https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14
CVE-2014-8140: Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows…
Published: 2020-01-31T22:15:00 Last Modified: 2020-02-05T20:40:00
Summary
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-8140 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1174851
- http://www.securitytracker.com/id/1031433
- http://www.ocert.org/advisories/ocert-2014-011.html
- https://access.redhat.com/errata/RHSA-2015:0700
CVE-2014-8139: Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows…
Published: 2020-01-31T22:15:00 Last Modified: 2020-02-05T20:50:00
Summary
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-8139 vulnerability.
References
- http://www.securitytracker.com/id/1031433
- http://www.ocert.org/advisories/ocert-2014-011.html
- https://access.redhat.com/errata/RHSA-2015:0700
- https://bugzilla.redhat.com/show_bug.cgi?id=1174844
CVE-2011-4088: ABRT might allow attackers to obtain sensitive information from crash reports.
Published: 2020-01-31T17:15:00 Last Modified: 2020-02-05T19:01:00
Summary
ABRT might allow attackers to obtain sensitive information from crash reports.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2011-4088 vulnerability.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071027.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71871
CVE-2015-0294: GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a…
Published: 2020-01-27T16:15:00 Last Modified: 2020-01-31T15:24:00
Summary
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2015-0294 vulnerability.
References
- http://www.debian.org/security/2015/dsa-3191
- https://bugzilla.redhat.com/show_bug.cgi?id=1196323
- https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff
CVE-2019-14907: All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an…
Published: 2020-01-21T18:15:00 Last Modified: 2021-05-29T13:15:00
Summary
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where, if it is set with “log level = 3” (or above), the string obtained from the client after a failed character conversion is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless.)
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14907 vulnerability.
References
- https://www.samba.org/samba/security/CVE-2019-14907.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907
- https://security.netapp.com/advisory/ntap-20200122-0001/
- https://www.synology.com/security/advisory/Synology_SA_20_01
- https://usn.ubuntu.com/4244-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/
- https://security.gentoo.org/glsa/202003-52
- https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
CVE-2019-19339: It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix…
Published: 2020-01-17T19:15:00 Last Modified: 2020-10-19T19:52:00
Summary
It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle an inconsistency between virtual-to-physical memory address translations in the CPU’s local cache and the system software’s paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software such as an OS or Virtual Machine Monitor (VMM) uses the virtual memory system for storing program instructions and data in memory. The virtual memory system uses paging structures such as page tables and page directories to manage system memory. The processor’s Memory Management Unit (MMU) uses paging structure entries to translate a program’s virtual memory addresses to physical memory addresses. The processor stores these address translations in its local cache buffer, the Translation Lookaside Buffer (TLB). The TLB has two parts, one for instruction addresses and one for data addresses. System software can modify its paging structure entries to change address mappings or certain attributes such as page size. After such paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor’s TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual-to-physical address translation from the Instruction TLB (ITLB), thus accessing an invalid physical memory address and halting the processor due to a Machine Check Error (MCE) on Page Size Change.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-19339 vulnerability.
References
CVE-2020-2604: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component:…
Published: 2020-01-15T17:15:00 Last Modified: 2021-07-21T11:39:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data
CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-2604 vulnerability.
References
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0122
- https://access.redhat.com/errata/RHSA-2020:0128
- https://access.redhat.com/errata/RHSA-2020:0196
- https://security.netapp.com/advisory/ntap-20200122-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html
- https://access.redhat.com/errata/RHSA-2020:0202
- https://access.redhat.com/errata/RHSA-2020:0232
- https://access.redhat.com/errata/RHSA-2020:0231
- https://usn.ubuntu.com/4257-1/
- https://access.redhat.com/errata/RHSA-2020:0470
- https://access.redhat.com/errata/RHSA-2020:0467
- https://access.redhat.com/errata/RHSA-2020:0465
- https://access.redhat.com/errata/RHSA-2020:0468
- https://access.redhat.com/errata/RHSA-2020:0469
- https://www.debian.org/security/2020/dsa-4621
- https://seclists.org/bugtraq/2020/Feb/22
- https://access.redhat.com/errata/RHSA-2020:0541
- https://access.redhat.com/errata/RHSA-2020:0632
- https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10315
- https://security.gentoo.org/glsa/202101-19
- https://www.oracle.com/security-alerts/cpujul2021.html
CVE-2020-2601: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security)….
Published: 2020-01-15T17:15:00 Last Modified: 2021-03-04T20:49:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-2601 vulnerability.
References
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0122
- https://access.redhat.com/errata/RHSA-2020:0128
- https://www.debian.org/security/2020/dsa-4605
- https://seclists.org/bugtraq/2020/Jan/24
- https://access.redhat.com/errata/RHSA-2020:0157
- https://access.redhat.com/errata/RHSA-2020:0196
- https://security.netapp.com/advisory/ntap-20200122-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html
- https://access.redhat.com/errata/RHSA-2020:0202
- https://access.redhat.com/errata/RHSA-2020:0232
- https://access.redhat.com/errata/RHSA-2020:0231
- https://usn.ubuntu.com/4257-1/
- https://www.debian.org/security/2020/dsa-4621
- https://seclists.org/bugtraq/2020/Feb/22
- https://access.redhat.com/errata/RHSA-2020:0541
- https://access.redhat.com/errata/RHSA-2020:0632
- https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html
- https://security.gentoo.org/glsa/202101-19
CVE-2020-2654: Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions…
Published: 2020-01-15T17:15:00 Last Modified: 2021-03-04T20:47:00
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-2654 vulnerability.
References
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0122
- https://access.redhat.com/errata/RHSA-2020:0128
- https://www.debian.org/security/2020/dsa-4605
- https://seclists.org/bugtraq/2020/Jan/24
- https://access.redhat.com/errata/RHSA-2020:0157
- https://access.redhat.com/errata/RHSA-2020:0196
- https://security.netapp.com/advisory/ntap-20200122-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html
- https://access.redhat.com/errata/RHSA-2020:0202
- https://access.redhat.com/errata/RHSA-2020:0232
- https://access.redhat.com/errata/RHSA-2020:0231
- https://usn.ubuntu.com/4257-1/
- https://www.debian.org/security/2020/dsa-4621
- https://seclists.org/bugtraq/2020/Feb/22
- https://access.redhat.com/errata/RHSA-2020:0541
- https://access.redhat.com/errata/RHSA-2020:0632
- https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10315
- https://security.gentoo.org/glsa/202101-19
CVE-2020-2590: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security)….
Published: 2020-01-15T17:15:00 Last Modified: 2021-02-26T19:38:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-2590 vulnerability.
References
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0122
- https://access.redhat.com/errata/RHSA-2020:0128
- https://www.debian.org/security/2020/dsa-4605
- https://seclists.org/bugtraq/2020/Jan/24
- https://access.redhat.com/errata/RHSA-2020:0157
- https://access.redhat.com/errata/RHSA-2020:0196
- https://security.netapp.com/advisory/ntap-20200122-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html
- https://access.redhat.com/errata/RHSA-2020:0202
- https://access.redhat.com/errata/RHSA-2020:0232
- https://access.redhat.com/errata/RHSA-2020:0231
- https://usn.ubuntu.com/4257-1/
- https://www.debian.org/security/2020/dsa-4621
- https://seclists.org/bugtraq/2020/Feb/22
- https://access.redhat.com/errata/RHSA-2020:0541
- https://access.redhat.com/errata/RHSA-2020:0632
- https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10315
- https://security.gentoo.org/glsa/202101-19
CVE-2020-2659: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking)….
Published: 2020-01-15T17:15:00 Last Modified: 2021-12-06T15:07:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-2659 vulnerability.
References
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0157
- https://access.redhat.com/errata/RHSA-2020:0196
- https://security.netapp.com/advisory/ntap-20200122-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html
- https://access.redhat.com/errata/RHSA-2020:0202
- https://access.redhat.com/errata/RHSA-2020:0231
- https://usn.ubuntu.com/4257-1/
- https://access.redhat.com/errata/RHSA-2020:0470
- https://access.redhat.com/errata/RHSA-2020:0467
- https://access.redhat.com/errata/RHSA-2020:0465
- https://access.redhat.com/errata/RHSA-2020:0468
- https://access.redhat.com/errata/RHSA-2020:0469
- https://www.debian.org/security/2020/dsa-4621
- https://seclists.org/bugtraq/2020/Feb/22
- https://access.redhat.com/errata/RHSA-2020:0541
- https://access.redhat.com/errata/RHSA-2020:0632
- https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html
- https://security.gentoo.org/glsa/202101-19
CVE-2020-2593: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking)….
Published: 2020-01-15T17:15:00 Last Modified: 2021-03-04T21:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-2593 vulnerability.
References
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0122
- https://access.redhat.com/errata/RHSA-2020:0128
- https://www.debian.org/security/2020/dsa-4605
- https://seclists.org/bugtraq/2020/Jan/24
- https://access.redhat.com/errata/RHSA-2020:0157
- https://access.redhat.com/errata/RHSA-2020:0196
- https://security.netapp.com/advisory/ntap-20200122-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html
- https://access.redhat.com/errata/RHSA-2020:0202
- https://access.redhat.com/errata/RHSA-2020:0232
- https://access.redhat.com/errata/RHSA-2020:0231
- https://usn.ubuntu.com/4257-1/
- https://access.redhat.com/errata/RHSA-2020:0470
- https://access.redhat.com/errata/RHSA-2020:0467
- https://access.redhat.com/errata/RHSA-2020:0465
- https://access.redhat.com/errata/RHSA-2020:0468
- https://access.redhat.com/errata/RHSA-2020:0469
- https://www.debian.org/security/2020/dsa-4621
- https://seclists.org/bugtraq/2020/Feb/22
- https://access.redhat.com/errata/RHSA-2020:0541
- https://access.redhat.com/errata/RHSA-2020:0632
- https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10315
- https://security.gentoo.org/glsa/202101-19
CVE-2020-2655: Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that…
Published: 2020-01-15T17:15:00 Last Modified: 2020-01-28T13:15:00
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-2655 vulnerability.
References
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0122
- https://access.redhat.com/errata/RHSA-2020:0128
- https://www.debian.org/security/2020/dsa-4605
- https://seclists.org/bugtraq/2020/Jan/24
- https://security.netapp.com/advisory/ntap-20200122-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
- https://access.redhat.com/errata/RHSA-2020:0232
- https://usn.ubuntu.com/4257-1/
CVE-2020-2583: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component:…
Published: 2020-01-15T17:15:00 Last Modified: 2021-07-21T11:39:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Common Weakness Enumeration (CWE): CWE-755: Improper Handling of Exceptional Conditions
CWE Description: The software does not handle or incorrectly handles an exceptional condition.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-2583 vulnerability.
References
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0122
- https://access.redhat.com/errata/RHSA-2020:0128
- https://www.debian.org/security/2020/dsa-4605
- https://seclists.org/bugtraq/2020/Jan/24
- https://access.redhat.com/errata/RHSA-2020:0157
- https://access.redhat.com/errata/RHSA-2020:0196
- https://security.netapp.com/advisory/ntap-20200122-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html
- https://access.redhat.com/errata/RHSA-2020:0202
- https://access.redhat.com/errata/RHSA-2020:0232
- https://access.redhat.com/errata/RHSA-2020:0231
- https://usn.ubuntu.com/4257-1/
- https://access.redhat.com/errata/RHSA-2020:0470
- https://access.redhat.com/errata/RHSA-2020:0467
- https://access.redhat.com/errata/RHSA-2020:0465
- https://access.redhat.com/errata/RHSA-2020:0468
- https://access.redhat.com/errata/RHSA-2020:0469
- https://www.debian.org/security/2020/dsa-4621
- https://seclists.org/bugtraq/2020/Feb/22
- https://access.redhat.com/errata/RHSA-2020:0541
- https://access.redhat.com/errata/RHSA-2020:0632
- https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10315
- https://security.gentoo.org/glsa/202101-19
CVE-2020-0602: A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka…
Published: 2020-01-14T23:15:00 Last Modified: 2021-07-21T11:39:00
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-0602 vulnerability.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602
- https://access.redhat.com/errata/RHSA-2020:0130
- https://access.redhat.com/errata/RHSA-2020:0134
CVE-2020-0603: A remote code execution vulnerability exists in ASP.NET Core software when the software fails to…
Published: 2020-01-14T23:15:00 Last Modified: 2021-07-21T11:39:00
Summary
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘ASP.NET Core Remote Code Execution Vulnerability’.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-0603 vulnerability.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603
- https://access.redhat.com/errata/RHSA-2020:0130
- https://access.redhat.com/errata/RHSA-2020:0134
CVE-2015-3147: daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports…
Published: 2020-01-14T18:15:00 Last Modified: 2020-01-21T15:47:00
Summary
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)
CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Scores
- Impact Score: 4.9
- Exploitability Score: 6.8
- CVSS: 4.9
- CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2015-3147 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1212953
- http://rhn.redhat.com/errata/RHSA-2015-1083.html
- http://www.openwall.com/lists/oss-security/2015/04/17/5
- https://github.com/abrt/abrt/pull/955
- https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091
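The symlink race the summary describes (a spool directory replaced by a link so that the daemon's move lands somewhere the attacker chose) is the general CWE-59 pattern, and the recorded v2 vector (AV:N, Au:S) does not match the local attacker the summary names; the local model is the one that matters here. Below is an added Python example, not ABRT's code, of how a privileged mover can refuse a symlinked or untrusted destination and then rename relative to a directory descriptor it has already vetted, so the check and the move cannot be split by a swap. The trust policy (directory owned by the caller, no group/world write without the sticky bit), the paths and the constructed scenario in `demo()` are assumptions of the example.

```python
import os
import stat
import tempfile


class UnsafeDestination(Exception):
    """The destination directory cannot be trusted for a privileged move."""


def open_trusted_dir(path: str) -> int:
    """Open `path` as a directory without following a trailing symlink and
    check it is owned by the caller and not writable by others. Returns a
    directory fd the caller must close. The policy is an assumption of this
    example, not ABRT's."""
    try:
        # O_NOFOLLOW makes open() fail (ELOOP) when the last component is a
        # symlink, which is exactly the substitution the advisory describes.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeDestination("%s: %s" % (path, exc.strerror)) from exc
    st = os.fstat(fd)
    group_or_world_writable = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    sticky = bool(st.st_mode & stat.S_ISVTX)
    if st.st_uid != os.geteuid() or (group_or_world_writable and not sticky):
        os.close(fd)
        raise UnsafeDestination("%s: owner/permissions not trusted" % path)
    return fd


def safe_move(src: str, dst_dir: str) -> str:
    """Move the regular file `src` into `dst_dir`, refusing symlinks on
    either side. Returns the new path."""
    if not stat.S_ISREG(os.lstat(src).st_mode):
        raise UnsafeDestination("%s: not a regular file" % src)
    dfd = open_trusted_dir(dst_dir)
    try:
        name = os.path.basename(src)
        # Rename relative to the fd we just vetted, so swapping dst_dir for a
        # symlink between the check and the rename cannot redirect the move.
        os.rename(src, name, dst_dir_fd=dfd)
        return os.path.join(dst_dir, name)
    finally:
        os.close(dfd)


def demo() -> dict:
    """Constructed scenario: one real spool directory and one symlink posing
    as a spool directory. Returns what happened for each."""
    root = tempfile.mkdtemp()
    real = os.path.join(root, "abrt")
    victim = os.path.join(root, "victim")
    link = os.path.join(root, "abrt-as-symlink")
    os.mkdir(real)
    os.mkdir(victim)
    os.symlink(victim, link)
    outcome = {}
    for label, target in (("real", real), ("symlink", link)):
        src = os.path.join(root, "report-" + label)
        with open(src, "w") as fh:
            fh.write("constructed problem report\n")
        try:
            safe_move(src, target)
            outcome[label] = "moved"
        except UnsafeDestination:
            outcome[label] = "refused"
    return outcome


if __name__ == "__main__":
    print(demo())
```

`os.rename(..., dst_dir_fd=...)` needs a platform with `dir_fd` support (Linux and the BSDs have it); on one without it the call raises `NotImplementedError`, which is preferable to silently falling back to a path-based rename that reopens the race.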
CVE-2014-7844: BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted…
Published: 2020-01-14T17:15:00 Last Modified: 2020-01-21T16:05:00
Summary
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
Common Weakness Enumeration (CWE): CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
CWE Description: The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2014-7844 vulnerability.
References
- http://www.debian.org/security/2014/dsa-3104
- http://www.debian.org/security/2014/dsa-3105
- http://seclists.org/oss-sec/2014/q4/1066
- http://linux.oracle.com/errata/ELSA-2014-1999.html
- http://rhn.redhat.com/errata/RHSA-2014-1999.html
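Command execution through an e-mail address is the CWE-74 failure this entry describes: an address that is syntactically valid can still carry shell metacharacters, or begin with `-` and be read as an option by the program it is handed to. Note that the recorded v2 vector (AV:L) does not agree with the summary's "remote attackers". The following is an added Python example, not mailx's code, of the defensive pattern for anything that passes addresses to a sendmail-style binary: validate against a strict grammar, never route through a shell, and terminate option parsing with `--`. The grammar, the sendmail path, the `-i` flag and the `--` terminator are assumptions of the example (`--` is the getopt convention; confirm your MTA's client accepts it).

```python
import re
import subprocess

# Strict address grammar: ASCII local part and dotted domain, nothing that a
# shell or an option parser would act on. An assumption of this example;
# widen it for your own traffic, but keep metacharacters out.
_ADDR = re.compile(
    r"^[A-Za-z0-9._%+=-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$")
_SHELL_META = set("|&;<>()$`\\\"' \t\n*?[]#~!")


def is_safe_recipient(addr: str) -> bool:
    """True only if `addr` cannot be mistaken for an option or a command."""
    if not addr or addr.startswith("-"):
        return False
    if any(ch in _SHELL_META for ch in addr):
        return False
    return _ADDR.match(addr) is not None


def validate_recipient(addr: str) -> str:
    if not is_safe_recipient(addr):
        raise ValueError("refusing recipient %r" % addr)
    return addr


def sendmail_argv(recipients, sendmail="/usr/sbin/sendmail"):
    """argv for a sendmail-style MTA client: options first, then '--' so
    that nothing after it is parsed as an option, then vetted recipients."""
    return [sendmail, "-i", "--"] + [validate_recipient(r) for r in recipients]


def send(recipients, message: bytes, sendmail="/usr/sbin/sendmail") -> int:
    """Deliver `message` via the MTA without involving a shell (argv list,
    no shell=True). Returns the exit status."""
    proc = subprocess.run(sendmail_argv(recipients, sendmail),
                          input=message, check=False)
    return proc.returncode


# Constructed recipients of the kind a crafted inbound message might supply:
# an option in disguise, command substitution, a pipe, and a command separator.
CRAFTED = ["-oQ/tmp/spool@example.org", "`id`@example.org",
           "alice|sh@example.org", "bob@example.org;id"]


if __name__ == "__main__":
    for addr in CRAFTED + ["alice@example.org"]:
        print("%-32s %s" % (addr, "ok" if is_safe_recipient(addr) else "REJECT"))
```

The two halves matter together: the grammar stops the address from carrying a command, and the `--` plus list-form `subprocess.run` stops it from becoming an option or being re-parsed by a shell even if the grammar is later relaxed.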
CVE-2020-6377: Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to…
Published: 2020-01-10T22:15:00 Last Modified: 2021-07-21T11:39:00
Summary
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-6377 vulnerability.
References
- https://crbug.com/1029462
- https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PSUXNEUS6N42UJNQVCQSTSM6CSW2REPG/
- https://access.redhat.com/errata/RHSA-2020:0084
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
- https://seclists.org/bugtraq/2020/Jan/27
- https://www.debian.org/security/2020/dsa-4606
- https://security.gentoo.org/glsa/202003-08
CVE-2012-2142: The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute…
Published: 2020-01-09T21:15:00 Last Modified: 2020-01-15T18:30:00
Summary
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2012-2142 vulnerability.
References
- http://www.openwall.com/lists/oss-security/2013/08/09/5
- https://bugzilla.redhat.com/show_bug.cgi?id=789936
- http://www.openwall.com/lists/oss-security/2013/08/09/6
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
- http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html
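The poppler flaw is a classic instance of writing attacker-controlled bytes (here, strings taken from the PDF) to a terminal without neutralising control characters, so an OSC or CSI sequence embedded in the document can retitle the window, clear the screen or, on older emulators, inject input. Below is an added Python example, not poppler's code, of the sanitising step an error() routine or logger needs, plus a detector you can run over filenames or PDF metadata before displaying them. The error-line format and the constructed inputs are assumptions of the example.

```python
import re

# C0 controls except TAB/LF/CR, DEL, and the C1 range (which includes the
# single-byte CSI 0x9b). ESC (0x1b) is what every escape sequence starts with.
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f\x80-\x9f]")
# ESC [ params intermediates final (CSI), ESC ] ... BEL or ESC \ (OSC),
# or a bare 8-bit CSI.
_ESCAPE_SEQ = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]|\x1b\].*?(?:\x07|\x1b\\)|\x9b")


def sanitize_for_terminal(text: str) -> str:
    """Replace every control character with a visible \\xNN escape so the
    string can be printed to a terminal or log without being interpreted."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group(0)), text)


def contains_terminal_escape(text: str) -> bool:
    """True if `text` carries a CSI/OSC sequence a terminal would act on.
    Useful as a pre-display check on untrusted names and metadata."""
    return _ESCAPE_SEQ.search(text) is not None


def error_line(source: str, msg: str) -> str:
    """An error()-style line that embeds untrusted input safely. The format
    is an assumption of this example, not poppler's."""
    return "Error: %s: %s" % (sanitize_for_terminal(source),
                              sanitize_for_terminal(msg))


# Constructed input: a PDF "filename" carrying an OSC title-set sequence and
# a message carrying a CSI clear-screen, as a crafted document might supply.
CRAFTED_NAME = "invoice\x1b]0;pwned\x07.pdf"
CRAFTED_MSG = "\x1b[2Jbad xref entry"


if __name__ == "__main__":
    print(repr(CRAFTED_NAME), "->", contains_terminal_escape(CRAFTED_NAME))
    print(error_line(CRAFTED_NAME, CRAFTED_MSG))
```

The sanitiser deliberately keeps tab, newline and carriage return, since log lines legitimately contain them; everything else in the C0/C1 ranges is rendered as a visible escape so the reader sees what the document tried to do.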
CVE-2019-19332: An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in…
Published: 2020-01-09T15:15:00 Last Modified: 2020-03-13T14:15:00
Summary
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel’s KVM hypervisor handled the ‘KVM_GET_EMULATED_CPUID’ ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the ‘/dev/kvm’ device could use this flaw to crash the system, resulting in a denial of service.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 7.8
- Exploitability Score: 3.9
- CVSS: 5.6
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-19332 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2019/12/16/1
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332
- https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50@google.com/
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://usn.ubuntu.com/4254-1/
- https://usn.ubuntu.com/4254-2/
- https://security.netapp.com/advisory/ntap-20200204-0002/
- https://usn.ubuntu.com/4258-1/
- https://usn.ubuntu.com/4287-1/
- https://usn.ubuntu.com/4287-2/
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://usn.ubuntu.com/4284-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
CVE-2019-17016: When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer…
Published: 2020-01-08T22:15:00 Last Modified: 2020-01-13T20:15:00
Summary
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-17016 vulnerability.
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1599181
- https://www.mozilla.org/security/advisories/mfsa2020-01/
- https://www.mozilla.org/security/advisories/mfsa2020-02/
- https://seclists.org/bugtraq/2020/Jan/12
- https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html
- https://www.debian.org/security/2020/dsa-4600
- https://usn.ubuntu.com/4234-1/
- https://seclists.org/bugtraq/2020/Jan/18
- https://access.redhat.com/errata/RHSA-2020:0086
- https://access.redhat.com/errata/RHSA-2020:0085
- http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
- https://access.redhat.com/errata/RHSA-2020:0111
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html
- https://access.redhat.com/errata/RHSA-2020:0123
- https://access.redhat.com/errata/RHSA-2020:0120
- https://access.redhat.com/errata/RHSA-2020:0127
- https://usn.ubuntu.com/4241-1/
- https://www.debian.org/security/2020/dsa-4603
- https://seclists.org/bugtraq/2020/Jan/26
- https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html
- https://access.redhat.com/errata/RHSA-2020:0295
- https://access.redhat.com/errata/RHSA-2020:0292
- https://security.gentoo.org/glsa/202003-02
- https://usn.ubuntu.com/4335-1/
CVE-2019-17017: Due to a missing case handling object types, a type confusion vulnerability could occur,…
Published: 2020-01-08T22:15:00 Last Modified: 2020-01-13T20:15:00
Summary
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)
CWE Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-17017 vulnerability.
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1603055
- https://www.mozilla.org/security/advisories/mfsa2020-01/
- https://www.mozilla.org/security/advisories/mfsa2020-02/
- https://seclists.org/bugtraq/2020/Jan/12
- https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html
- https://www.debian.org/security/2020/dsa-4600
- https://usn.ubuntu.com/4234-1/
- https://seclists.org/bugtraq/2020/Jan/18
- https://access.redhat.com/errata/RHSA-2020:0086
- https://access.redhat.com/errata/RHSA-2020:0085
- http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
- https://access.redhat.com/errata/RHSA-2020:0111
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html
- https://access.redhat.com/errata/RHSA-2020:0123
- https://access.redhat.com/errata/RHSA-2020:0120
- https://access.redhat.com/errata/RHSA-2020:0127
- https://usn.ubuntu.com/4241-1/
- https://www.debian.org/security/2020/dsa-4603
- https://seclists.org/bugtraq/2020/Jan/26
- https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html
- https://access.redhat.com/errata/RHSA-2020:0295
- https://access.redhat.com/errata/RHSA-2020:0292
- https://security.gentoo.org/glsa/202003-02
- https://usn.ubuntu.com/4335-1/
CVE-2019-17022: When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer…
Published: 2020-01-08T22:15:00 Last Modified: 2020-01-13T20:15:00
Summary
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node’s innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-17022 vulnerability.
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1602843
- https://www.mozilla.org/security/advisories/mfsa2020-01/
- https://www.mozilla.org/security/advisories/mfsa2020-02/
- https://seclists.org/bugtraq/2020/Jan/12
- https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html
- https://www.debian.org/security/2020/dsa-4600
- https://usn.ubuntu.com/4234-1/
- https://seclists.org/bugtraq/2020/Jan/18
- https://access.redhat.com/errata/RHSA-2020:0086
- https://access.redhat.com/errata/RHSA-2020:0085
- http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
- https://access.redhat.com/errata/RHSA-2020:0111
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html
- https://access.redhat.com/errata/RHSA-2020:0123
- https://access.redhat.com/errata/RHSA-2020:0120
- https://access.redhat.com/errata/RHSA-2020:0127
- https://usn.ubuntu.com/4241-1/
- https://www.debian.org/security/2020/dsa-4603
- https://seclists.org/bugtraq/2020/Jan/26
- https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html
- https://access.redhat.com/errata/RHSA-2020:0295
- https://access.redhat.com/errata/RHSA-2020:0292
- https://security.gentoo.org/glsa/202003-02
- https://usn.ubuntu.com/4335-1/
CVE-2019-17024: Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some…
Published: 2020-01-08T22:15:00 Last Modified: 2021-07-21T11:39:00
Summary
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-17024 vulnerability.
References
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826
- https://www.mozilla.org/security/advisories/mfsa2020-01/
- https://www.mozilla.org/security/advisories/mfsa2020-02/
- https://seclists.org/bugtraq/2020/Jan/12
- https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html
- https://www.debian.org/security/2020/dsa-4600
- https://usn.ubuntu.com/4234-1/
- https://seclists.org/bugtraq/2020/Jan/18
- https://access.redhat.com/errata/RHSA-2020:0086
- https://access.redhat.com/errata/RHSA-2020:0085
- http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
- https://access.redhat.com/errata/RHSA-2020:0111
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html
- https://access.redhat.com/errata/RHSA-2020:0123
- https://access.redhat.com/errata/RHSA-2020:0120
- https://access.redhat.com/errata/RHSA-2020:0127
- https://usn.ubuntu.com/4241-1/
- https://www.debian.org/security/2020/dsa-4603
- https://seclists.org/bugtraq/2020/Jan/26
- https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html
- https://access.redhat.com/errata/RHSA-2020:0295
- https://access.redhat.com/errata/RHSA-2020:0292
- https://security.gentoo.org/glsa/202003-02
- https://usn.ubuntu.com/4335-1/
CVE-2019-11745: When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller…
Published: 2020-01-08T20:15:00 Last Modified: 2021-02-19T17:22:00
Summary
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-11745 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2019-38/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1586176
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html
- https://usn.ubuntu.com/4241-1/
- https://access.redhat.com/errata/RHSA-2020:0243
- https://access.redhat.com/errata/RHSA-2020:0466
- https://security.gentoo.org/glsa/202003-02
- https://security.gentoo.org/glsa/202003-10
- https://security.gentoo.org/glsa/202003-37
- https://usn.ubuntu.com/4335-1/
- https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
CVE-2019-14906: A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL…
Published: 2020-01-07T21:15:00 Last Modified: 2021-04-05T12:29:00
Summary
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages. SDL versions through 1.2.15 and 2.x through 2.0.9 have a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to crash the application or execute code.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14906 vulnerability.
References
CVE-2019-14866: In all versions of cpio before 2.13 does not properly validate input files when generating TAR…
Published: 2020-01-07T17:15:00 Last Modified: 2020-01-10T14:27:00
Summary
All versions of cpio before 2.13 do not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have, or in paths the attacker did not have access to. Extracting such an archive as a high-privilege user without carefully reviewing it may lead to the compromise of the system.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14866 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14866
- https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html
- https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html
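The cpio issue is one instance of a general rule: an archive built from a tree someone else can write to is untrusted input, and a privileged extraction must vet entries rather than trust the modes and names the archive records. Below is an added Python example, not cpio's or GNU's code, that builds a constructed tar archive containing the kinds of entries the summary warns about (a setuid binary, a parent-relative path, a symlink out of the tree) and lists what a root extractor should refuse. The rejection policy and the sample entries are assumptions of the example.

```python
import io
import stat
import tarfile


def _escapes_root(path: str) -> bool:
    return path.startswith("/") or ".." in path.split("/")


def suspicious_entries(archive_bytes: bytes) -> list:
    """Return (member name, reason) pairs a privileged extractor should
    refuse. Policy (an assumption of this example): no setuid/setgid bits,
    no absolute or parent-relative paths, no links pointing outside the
    extraction root, no device nodes."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tf:
        for m in tf.getmembers():
            if _escapes_root(m.name):
                findings.append((m.name, "path escapes extraction root"))
            if m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((m.name, "setuid/setgid bit set"))
            if m.isdev():
                findings.append((m.name, "device node"))
            if (m.issym() or m.islnk()) and _escapes_root(m.linkname):
                findings.append((m.name, "link target %r escapes root" % m.linkname))
    return findings


def rejected_names(archive_bytes: bytes) -> list:
    """Sorted, de-duplicated names of members with at least one finding."""
    return sorted({name for name, _ in suspicious_entries(archive_bytes)})


def build_constructed_archive() -> bytes:
    """Constructed archive standing in for one cpio produced from an
    attacker-writable tree: a setuid helper, a parent-relative cron job,
    a symlink to /etc/passwd and one benign file, all claiming root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add(name, mode, data=b"", ftype=tarfile.REGTYPE, link=""):
            ti = tarfile.TarInfo(name)
            ti.mode, ti.type, ti.linkname, ti.size = mode, ftype, link, len(data)
            ti.uid = ti.gid = 0  # the archive asserts root ownership
            tf.addfile(ti, io.BytesIO(data) if data else None)
        add("usr/local/bin/helper", 0o4755, b"#!/bin/sh\nid\n")
        add("../etc/cron.d/job", 0o644, b"* * * * * root id\n")
        add("etc/passwd", 0o777, ftype=tarfile.SYMTYPE, link="/etc/passwd")
        add("var/log/app.log", 0o644, b"benign\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_entries(build_constructed_archive()):
        print("REJECT %-24s %s" % (name, reason))
```

Python 3.12 (and the 3.8 to 3.11 security releases that backported it) can enforce a similar policy at extraction time with `extractall(filter="data")`, which also strips setuid/setgid bits; the inspection above is for reporting what an archive contains before anyone extracts it with privilege, which is the review step the summary asks for.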
CVE-2012-4451: Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow…
Published: 2020-01-03T17:15:00 Last Modified: 2020-01-14T18:51:00
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2012-4451 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=860738
- http://framework.zend.com/security/advisory/ZF2012-03
- https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733
- http://www.securityfocus.com/bid/55636
- http://seclists.org/oss-sec/2012/q3/571
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10
- https://bugs.gentoo.org/show_bug.cgi?id=436210
- http://seclists.org/oss-sec/2012/q3/573
CVE-2019-14864: Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before…
Published: 2020-01-02T15:15:00 Last Modified: 2021-08-07T15:15:00
Summary
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and 2.7.x before 2.7.15, does not respect the no_log flag when it is set to True and the Sumologic and Splunk callback plugins are used to send task result events to collectors. This discloses and collects any sensitive data.
Common Weakness Enumeration (CWE): CWE-117: Improper Output Neutralization for Logs
CWE Description: The software does not neutralize or incorrectly neutralizes output that is written to logs.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14864 vulnerability.
References
- https://github.com/ansible/ansible/pull/63527
- https://github.com/ansible/ansible/issues/63522
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
- https://www.debian.org/security/2021/dsa-4950
CVE-2011-3585: Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow…
Published: 2019-12-31T20:15:00 Last Modified: 2020-01-10T17:53:00
Summary
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2011-3585 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=742907
- https://www.openwall.com/lists/oss-security/2011/09/27/1
- https://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200
- https://www.openwall.com/lists/oss-security/2011/09/30/5
- https://bugzilla.samba.org/show_bug.cgi?id=7179
CVE-2019-18390: An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in…
Published: 2019-12-23T16:15:00 Last Modified: 2020-11-16T19:25:00
Summary
An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-18390 vulnerability.
References
- https://access.redhat.com/security/cve/cve-2019-18390
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
- https://bugzilla.redhat.com/show_bug.cgi?id=1765584
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html
CVE-2019-18389: A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in…
Published: 2019-12-23T16:15:00 Last Modified: 2020-11-16T19:23:00
Summary
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-18389 vulnerability.
References
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=9c280a28651507e6ef87b17b90d47b6af3a4ab7d
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
- https://bugzilla.redhat.com/show_bug.cgi?id=1765577
- https://access.redhat.com/security/cve/cve-2019-18389
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html
CVE-2019-18391: A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in…
Published: 2019-12-23T16:15:00 Last Modified: 2020-11-09T21:47:00
Summary
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-18391 vulnerability.
References
- https://access.redhat.com/security/cve/cve-2019-18391
- https://bugzilla.redhat.com/show_bug.cgi?id=1765589
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=8c9cfb4e425542e96f0717189fe4658555baaf08
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html
CVE-2019-19340: A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where…
Published: 2019-12-19T21:15:00 Last Modified: 2020-12-04T18:15:00
Summary
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with ‘-e rabbitmq_enable_manager=true’ exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
Common Weakness Enumeration (CWE): CWE-1188: Insecure Default Initialization of Resource
CWE Description: The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-19340 vulnerability.
References
CVE-2019-8506: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T12:59:00
Summary
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)
CWE Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2019-8506 vulnerability.
References
- https://support.apple.com/HT209605
- https://support.apple.com/HT209604
- https://support.apple.com/HT209601
- https://support.apple.com/HT209603
- https://support.apple.com/HT209599
- https://support.apple.com/HT209602
CVE-2019-8684: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T13:03:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8684 vulnerability.
References
- https://support.apple.com/HT210348
- https://support.apple.com/HT210351
- https://support.apple.com/HT210358
- https://support.apple.com/HT210346
- https://support.apple.com/HT210357
- https://support.apple.com/HT210356
- https://support.apple.com/HT210355
- https://support.apple.com/HT210353
CVE-2019-8535: A memory corruption issue was addressed with improved state management. This issue is fixed in…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T12:59:00
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8535 vulnerability.
References
- https://support.apple.com/HT209605
- https://support.apple.com/HT209604
- https://support.apple.com/HT209601
- https://support.apple.com/HT209603
- https://support.apple.com/HT209599
CVE-2019-8536: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T12:59:00
Summary
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8536 vulnerability.
References
- https://support.apple.com/HT209605
- https://support.apple.com/HT209604
- https://support.apple.com/HT209601
- https://support.apple.com/HT209603
- https://support.apple.com/HT209599
- https://support.apple.com/HT209602
CVE-2019-8814: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T13:12:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8814 vulnerability.
References
- https://support.apple.com/HT210725
- https://support.apple.com/HT210726
- https://support.apple.com/HT210723
- https://support.apple.com/HT210721
- https://support.apple.com/HT210727
- https://support.apple.com/HT210728
- https://security.gentoo.org/glsa/202003-22
CVE-2019-8672: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T13:01:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2019-8672 vulnerability.
References
- https://support.apple.com/HT210348
- https://support.apple.com/HT210351
- https://support.apple.com/HT210358
- https://support.apple.com/HT210346
- https://support.apple.com/HT210357
- https://support.apple.com/HT210356
- https://support.apple.com/HT210355
- https://support.apple.com/HT210353
CVE-2019-8676: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T13:01:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8676 vulnerability.
References
- https://support.apple.com/HT210348
- https://support.apple.com/HT210351
- https://support.apple.com/HT210358
- https://support.apple.com/HT210346
- https://support.apple.com/HT210357
- https://support.apple.com/HT210356
- https://support.apple.com/HT210355
- https://support.apple.com/HT210353
CVE-2019-8688: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T13:08:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8688 vulnerability.
References
- https://support.apple.com/HT210348
- https://support.apple.com/HT210351
- https://support.apple.com/HT210358
- https://support.apple.com/HT210346
- https://support.apple.com/HT210357
- https://support.apple.com/HT210356
- https://support.apple.com/HT210355
- https://support.apple.com/HT210353
CVE-2019-8816: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T13:16:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8816 vulnerability.
References
- https://support.apple.com/HT210725
- https://support.apple.com/HT210726
- https://support.apple.com/HT210723
- https://support.apple.com/HT210724
- https://support.apple.com/HT210721
- https://support.apple.com/HT210727
- https://support.apple.com/HT210728
- https://security.gentoo.org/glsa/202003-22
CVE-2019-8669: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T13:01:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8669 vulnerability.
References
- https://support.apple.com/HT210348
- https://support.apple.com/HT210351
- https://support.apple.com/HT210358
- https://support.apple.com/HT210346
- https://support.apple.com/HT210357
- https://support.apple.com/HT210356
- https://support.apple.com/HT210355
- https://support.apple.com/HT210353
CVE-2019-8544: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T13:00:00
Summary
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8544 vulnerability.
References
- https://support.apple.com/HT209605
- https://support.apple.com/HT209604
- https://support.apple.com/HT209601
- https://support.apple.com/HT209603
- https://support.apple.com/HT209599
- https://support.apple.com/HT209602
CVE-2019-8689: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T13:11:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2019-8689 vulnerability.
References
- https://support.apple.com/HT210348
- https://support.apple.com/HT210351
- https://support.apple.com/HT210358
- https://support.apple.com/HT210346
- https://support.apple.com/HT210357
- https://support.apple.com/HT210356
- https://support.apple.com/HT210355
- https://support.apple.com/HT210353
CVE-2019-8815: Multiple memory corruption issues were addressed with improved memory handling. This issue is…
Published: 2019-12-18T18:15:00 Last Modified: 2021-05-18T13:14:00
Summary
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8815 vulnerability.
References
- https://support.apple.com/HT210725
- https://support.apple.com/HT210726
- https://support.apple.com/HT210723
- https://support.apple.com/HT210721
- https://support.apple.com/HT210727
- https://support.apple.com/HT210728
- https://security.gentoo.org/glsa/202003-22
CVE-2019-16775: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible…
Published: 2019-12-13T01:15:00 Last Modified: 2021-10-20T11:15:00
Summary
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses the --ignore-scripts install option that a user may have set.
Common Weakness Enumeration (CWE): CWE-61: UNIX Symbolic Link (Symlink) Following
CWE Description: The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-16775 vulnerability.
References
- https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
- https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
- https://access.redhat.com/errata/RHEA-2020:0330
- https://access.redhat.com/errata/RHSA-2020:0573
- https://access.redhat.com/errata/RHSA-2020:0579
- https://access.redhat.com/errata/RHSA-2020:0597
- https://access.redhat.com/errata/RHSA-2020:0602
- https://www.oracle.com/security-alerts/cpuoct2021.html
CVE-2019-16776: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to…
Published: 2019-12-13T01:15:00 Last Modified: 2020-10-07T16:49:00
Summary
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses the --ignore-scripts install option that a user may have set.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-16776 vulnerability.
References
- https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
- https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
- https://access.redhat.com/errata/RHEA-2020:0330
- https://access.redhat.com/errata/RHSA-2020:0573
- https://access.redhat.com/errata/RHSA-2020:0579
- https://access.redhat.com/errata/RHSA-2020:0597
- https://access.redhat.com/errata/RHSA-2020:0602
CVE-2019-16777: Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails…
Published: 2019-12-13T01:15:00 Last Modified: 2020-10-09T13:36:00
Summary
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent install of a package that also creates a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses the --ignore-scripts install option that a user may have set.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-16777 vulnerability.
References
- https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
- https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
- https://access.redhat.com/errata/RHEA-2020:0330
- https://access.redhat.com/errata/RHSA-2020:0573
- https://access.redhat.com/errata/RHSA-2020:0579
- https://access.redhat.com/errata/RHSA-2020:0597
- https://access.redhat.com/errata/RHSA-2020:0602
- https://security.gentoo.org/glsa/202003-48
CVE-2019-13730: Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to…
Published: 2019-12-10T22:15:00 Last Modified: 2022-01-01T20:07:00
Summary
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)
CWE Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-13730 vulnerability.
References
- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
- https://crbug.com/1028862
- https://access.redhat.com/errata/RHSA-2019:4238
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
- https://seclists.org/bugtraq/2020/Jan/27
- https://www.debian.org/security/2020/dsa-4606
- https://security.gentoo.org/glsa/202003-08
CVE-2019-19334: In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way…
Published: 2019-12-06T16:15:00 Last Modified: 2019-12-18T18:15:00
Summary
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type “identityref”. An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-19334 vulnerability.
References
- https://github.com/CESNET/libyang/commit/6980afae2ff9fcd6d67508b0a3f694d75fd059d6
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19334
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PETB6TVMFV5KUD4IKVP2JPLBCYHUGSAJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RL54JMS7XW7PI6JC4BFSNNLSX5AINQUL/
- https://access.redhat.com/errata/RHSA-2019:4360
CVE-2019-19333: In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way…
Published: 2019-12-06T16:15:00 Last Modified: 2019-12-18T04:15:00
Summary
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type “bits”. An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-19333 vulnerability.
References
- https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19333
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PETB6TVMFV5KUD4IKVP2JPLBCYHUGSAJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RL54JMS7XW7PI6JC4BFSNNLSX5AINQUL/
- https://access.redhat.com/errata/RHSA-2019:4360
CVE-2019-5544: OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has…
Published: 2019-12-06T16:15:00 Last Modified: 2022-02-03T19:50:00
Summary
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5544 vulnerability.
References
- http://www.vmware.com/security/advisories/VMSA-2019-0022.html
- http://www.openwall.com/lists/oss-security/2019/12/10/2
- http://www.openwall.com/lists/oss-security/2019/12/11/2
- https://access.redhat.com/errata/RHSA-2019:4240
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/
- https://access.redhat.com/errata/RHSA-2020:0199
- https://security.gentoo.org/glsa/202005-12
CVE-2019-19624: An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable…
Published: 2019-12-06T15:15:00 Last Modified: 2019-12-17T20:48:00
Summary
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-19624 vulnerability.
References
- https://github.com/opencv/opencv/issues/14554
- https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418
- https://access.redhat.com/security/cve/cve-2019-19624
CVE-2019-13456: In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the…
Published: 2019-12-03T20:15:00 Last Modified: 2022-01-01T20:06:00
Summary
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the “Dragonblood” attack and CVE-2019-9494.
Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy
CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Scores
- Impact Score: 2.9
- Exploitability Score: 5.5
- CVSS: 2.9
- CVSS Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2019-13456 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1737663
- https://wpa3.mathyvanhoef.com
- https://freeradius.org/security/
- https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html
CVE-2013-4235: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Published: 2019-12-03T15:15:00 Last Modified: 2021-02-25T17:15:00
Summary
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.4
- CVSS: 3.3
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2013-4235 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2013-4235
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
- https://access.redhat.com/security/cve/cve-2013-4235
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
CVE-2019-18660: The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB…
Published: 2019-11-27T23:15:00 Last Modified: 2020-01-28T19:47:00
Summary
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-18660 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2019/11/27/1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad
- http://www.openwall.com/lists/oss-security/2019/11/27/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://usn.ubuntu.com/4228-1/
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4228-2/
- https://usn.ubuntu.com/4227-2/
- https://seclists.org/bugtraq/2020/Jan/10
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://access.redhat.com/errata/RHSA-2020:0174
- https://usn.ubuntu.com/4225-2/
CVE-2019-19319: In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can…
Published: 2019-11-27T23:15:00 Last Modified: 2021-02-09T19:15:00
Summary
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-19319 vulnerability.
References
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19319
- https://security.netapp.com/advisory/ntap-20200103-0001/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://www.debian.org/security/2020/dsa-4698
- https://usn.ubuntu.com/4391-1/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=345c0dbf3a30
- https://bugzilla.suse.com/show_bug.cgi?id=1158021
CVE-2011-2717: The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP…
Published: 2019-11-27T21:15:00 Last Modified: 2019-12-18T21:04:00
Summary
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
Common Weakness Enumeration (CWE): CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
CWE Description: The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2011-2717 vulnerability.
References
- https://vigilance.fr/vulnerability/dhcp6c-shell-command-injection-10869
- https://access.redhat.com/security/cve/cve-2011-2717
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2717
- https://www.openwall.com/lists/oss-security/2011/07/26/9
CVE-2011-2515: PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which…
Published: 2019-11-27T21:15:00 Last Modified: 2020-08-18T15:05:00
Summary
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed, which may allow installation of non-trusted packages and execution of arbitrary code.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2011-2515 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515
- https://access.redhat.com/security/cve/cve-2011-2515
- https://security-tracker.debian.org/tracker/CVE-2011-2515
- https://www.securityfocus.com/bid/48557/info
CVE-2011-2207: dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to…
Published: 2019-11-27T19:15:00 Last Modified: 2019-12-13T18:04:00
Summary
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DoS) via a specially-crafted certificate.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2011-2207 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377
- https://access.redhat.com/security/cve/cve-2011-2207
- https://www.openwall.com/lists/oss-security/2011/06/15/6
- https://security-tracker.debian.org/tracker/CVE-2011-2207
CVE-2012-6655: An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb() function in…
Published: 2019-11-27T18:15:00 Last Modified: 2020-08-18T15:05:00
Summary
An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let local users obtain encrypted passwords.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2012-6655 vulnerability.
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95325
- https://security-tracker.debian.org/tracker/CVE-2012-6655
- http://www.openwall.com/lists/oss-security/2014/08/16/7
- http://www.securityfocus.com/bid/69245
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655
CVE-2019-19242: SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in…
Published: 2019-11-27T17:15:00 Last Modified: 2020-04-15T21:15:00
Summary
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-19242 vulnerability.
References
- https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
- https://usn.ubuntu.com/4205-1/
- https://www.oracle.com/security-alerts/cpuapr2020.html
CVE-2016-4980: A password generation weakness exists in xquest through 2016-06-13.
Published: 2019-11-27T16:15:00 Last Modified: 2020-01-09T21:15:00
Summary
A password generation weakness exists in xquest through 2016-06-13.
Common Weakness Enumeration (CWE): CWE-330: Use of Insufficiently Random Values
CWE Description: The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2016-4980 vulnerability.
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVW2QJFNZUZYBN4M4YUE7S2NZBWWMGES/
- https://access.redhat.com/security/cve/cve-2016-4980
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4980
- https://bugzilla.redhat.com/show_bug.cgi?id=1346016
CVE-2019-10216: In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its…
Published: 2019-11-27T13:15:00 Last Modified: 2020-09-30T18:17:00
Summary
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10216 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
- https://security.gentoo.org/glsa/202004-03
CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32,…
Published: 2019-11-27T09:15:00 Last Modified: 2020-01-03T11:15:00
Summary
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14896 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://usn.ubuntu.com/4228-1/
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4228-2/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4227-2/
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://usn.ubuntu.com/4225-2/
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
CVE-2011-3632: Hardlink before 0.1.2 operates on full file system objects path names which can allow a local…
Published: 2019-11-26T04:15:00 Last Modified: 2020-08-18T15:05:00
Summary
Hardlink before 0.1.2 operates on full file system object path names, which can allow a local attacker to use this flaw to conduct symlink attacks.
Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)
CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2011-3632 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2011/10/20/6
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516
- https://security-tracker.debian.org/tracker/CVE-2011-3632
- https://www.openwall.com/lists/oss-security/2011/10/15/2
- https://access.redhat.com/security/cve/cve-2011-3632
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3632
CVE-2011-3631: Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows…
Published: 2019-11-26T04:15:00 Last Modified: 2020-08-18T15:05:00
Summary
Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths are added together when calculating the amount of memory required. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to a crash of the hardlink executable or potentially arbitrary code execution with user privileges.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2011-3631 vulnerability.
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516
- https://security-tracker.debian.org/tracker/CVE-2011-3631
- https://access.redhat.com/security/cve/cve-2011-3631
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3631
CVE-2011-3630: Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way…
Published: 2019-11-26T04:15:00 Last Modified: 2020-08-18T15:05:00
Summary
Hardlink before 0.1.2 suffers from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to a crash of the hardlink executable or potentially arbitrary code execution with the privileges of the user running the hardlink executable.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2011-3630 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2011/10/20/6
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516
- https://security-tracker.debian.org/tracker/CVE-2011-3630
- https://access.redhat.com/security/cve/cve-2011-3630
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3630
CVE-2012-5644: libuser has information disclosure when moving user’s home directory
Published: 2019-11-25T15:15:00 Last Modified: 2020-08-18T15:05:00
Summary
libuser has information disclosure when moving user’s home directory
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: COMPLETE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2012-5644 vulnerability.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html
- https://access.redhat.com/security/cve/cve-2012-5644
- https://security-tracker.debian.org/tracker/CVE-2012-5644
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5644
CVE-2019-13723: Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker…
Published: 2019-11-25T15:15:00 Last Modified: 2020-08-24T17:37:00
Summary
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-13723 vulnerability.
References
- https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
- https://crbug.com/1024121
- https://access.redhat.com/errata/RHSA-2019:3955
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH/
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html
- https://security.gentoo.org/glsa/202003-08
CVE-2012-5521: quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
Published: 2019-11-25T14:15:00 Last Modified: 2020-08-18T15:05:00
Summary
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs route removal.
Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion
CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.5
- CVSS: 3.3
- CVSS Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2012-5521 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2012-5521
- https://access.redhat.com/security/cve/cve-2012-5521
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80096
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5521
- http://www.openwall.com/lists/oss-security/2012/11/13/14
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5521
- http://www.securityfocus.com/bid/56530
CVE-2012-5630: libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and…
Published: 2019-11-25T14:15:00 Last Modified: 2019-12-04T15:43:00
Summary
libuser 0.56 and 0.57 have a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.4
- CVSS: 3.3
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2012-5630 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2012-5630
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5630
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html
- https://access.redhat.com/security/cve/cve-2012-5630
- https://www.securityfocus.com/bid/59285
CVE-2019-14822: A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to…
Published: 2019-11-25T12:15:00 Last Modified: 2020-08-27T15:15:00
Summary
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14822 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14822
- https://usn.ubuntu.com/4134-3/
- https://bugzilla.redhat.com/show_bug.cgi?id=1717958
CVE-2019-10214: The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat…
Published: 2019-11-25T11:15:00 Last Modified: 2021-10-28T13:58:00
Summary
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.
Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials
CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10214 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
CVE-2019-14815: A vulnerability was found in Linux Kernel, where a Heap Overflow was found in…
Published: 2019-11-25T11:15:00 Last Modified: 2020-01-03T11:15:00
Summary
A vulnerability was found in the Linux kernel: a heap overflow in the mwifiex_set_wmm_params() function of the Marvell Wi-Fi driver.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14815 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815
- https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc@gmail.com
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- https://access.redhat.com/security/cve/cve-2019-14815
- https://access.redhat.com/errata/RHSA-2020:0174
- https://access.redhat.com/errata/RHSA-2020:0328
- https://access.redhat.com/errata/RHSA-2020:0339
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
CVE-2012-0877: PyXML: Hash table collisions CPU usage Denial of Service
Published: 2019-11-22T17:15:00 Last Modified: 2019-12-03T14:35:00
Summary
PyXML: Hash table collisions CPU usage Denial of Service
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2012-0877 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2012-0877
- https://access.redhat.com/security/cve/cve-2012-0877
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877
- http://www.openwall.com/lists/oss-security/2014/07/08/11
- http://seclists.org/oss-sec/2014/q3/96
CVE-2014-3585: redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
Published: 2019-11-22T15:15:00 Last Modified: 2019-11-25T16:37:00
Summary
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature
CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2014-3585 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3585
- https://access.redhat.com/security/cve/cve-2014-3585
CVE-2015-7810: libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
Published: 2019-11-22T15:15:00 Last Modified: 2020-08-18T15:05:00
Summary
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.4
- CVSS: 3.3
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2015-7810 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2015-7810
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810
- https://access.redhat.com/security/cve/cve-2015-7810
- http://www.securityfocus.com/bid/72769
- http://www.openwall.com/lists/oss-security/2015/10/12/7
CVE-2015-5694: Designate does not enforce the DNS protocol limit concerning record set sizes
Published: 2019-11-22T15:15:00 Last Modified: 2020-08-18T15:05:00
Summary
Designate does not enforce the DNS protocol limit concerning record set sizes
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2015-5694 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5694
- https://security-tracker.debian.org/tracker/CVE-2015-5694
- http://www.openwall.com/lists/oss-security/2015/07/28/11
- http://www.openwall.com/lists/oss-security/2015/07/29/6
CVE-2013-1817: MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which…
Published: 2019-11-20T20:15:00 Last Modified: 2019-11-21T14:54:00
Summary
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2013-1817 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2013-1817
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88359
- http://security.gentoo.org/glsa/glsa-201310-21.xml
- http://www.securityfocus.com/bid/58305
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817
- http://www.openwall.com/lists/oss-security/2013/03/05/4
CVE-2013-1816: MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of…
Published: 2019-11-20T20:15:00 Last Modified: 2019-11-21T14:58:00
Summary
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2013-1816 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2013-1816
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1816
- http://www.securityfocus.com/bid/58306
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88360
- http://security.gentoo.org/glsa/glsa-201310-21.xml
- http://www.openwall.com/lists/oss-security/2013/03/05/4
CVE-2012-6136: tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill…
Published: 2019-11-20T15:15:00 Last Modified: 2020-08-18T15:05:00
Summary
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions
CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2012-6136 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2012-6136
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136
CVE-2011-4967: tog-Pegasus has a package hash collision DoS vulnerability
Published: 2019-11-19T16:15:00 Last Modified: 2019-11-22T17:27:00
Summary
tog-Pegasus has a package hash collision DoS vulnerability
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2011-4967 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4967
- http://bugzilla.openpegasus.org/show_bug.cgi?id=9182
- https://access.redhat.com/security/cve/cve-2011-4967
- http://www.openwall.com/lists/oss-security/2012/12/14/2
- https://www.securityfocus.com/bid/56941
CVE-2014-5118: Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
Published: 2019-11-18T23:15:00 Last Modified: 2020-01-10T14:15:00
Summary
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2014-5118 vulnerability.
References
- http://www.securityfocus.com/bid/68960
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136778.html
- http://www.openwall.com/lists/oss-security/2014/07/30/4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95063
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136768.html
CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs() function in…
Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00
Summary
A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-19081 vulnerability.
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://github.com/torvalds/linux/commit/8ce39eb5a67aee25d9f05b40b673c95b23502e3e
- https://security.netapp.com/advisory/ntap-20191205-0001/
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux…
Published: 2019-11-18T06:15:00 Last Modified: 2021-06-14T18:15:00
Summary
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-19066 vulnerability.
References
- https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://usn.ubuntu.com/4286-2/
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://usn.ubuntu.com/4286-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
- https://usn.ubuntu.com/4300-1/
- https://usn.ubuntu.com/4301-1/
- https://usn.ubuntu.com/4302-1/
- https://www.oracle.com/security-alerts/cpuApr2021.html
CVE-2019-19072: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the…
Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00
Summary
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-19072 vulnerability.
References
- https://github.com/torvalds/linux/commit/96c5c6e6a5b6db592acae039fed54b5c8844cd35
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4225-2/
CVE-2019-19076: ** DISPUTED ** A memory leak in the nfp_abm_u32_knode_replace() function in…
Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00
Summary
** DISPUTED ** A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-19076 vulnerability.
References
- https://github.com/torvalds/linux/commit/78beef629fd95be4ed853b2d37b832f766bd96ca
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
- https://usn.ubuntu.com/4209-1/
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://lore.kernel.org/lkml/20191204103955.63c4d9af@cakuba.netronome.com/
- https://git.kernel.org/linus/1d1997db870f4058676439ef7014390ba9e24eb2
CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel…
Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00
Summary
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-19062 vulnerability.
References
- https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://security.netapp.com/advisory/ntap-20191205-0001/
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- https://seclists.org/bugtraq/2020/Jan/10
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://usn.ubuntu.com/4254-1/
- https://usn.ubuntu.com/4254-2/
- https://usn.ubuntu.com/4258-1/
- https://usn.ubuntu.com/4287-1/
- https://usn.ubuntu.com/4287-2/
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://usn.ubuntu.com/4284-1/
CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in…
Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00
Summary
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-19068 vulnerability.
References
- https://github.com/torvalds/linux/commit/a2cdd07488e666aa93a49a3fc9c9b1299e27ef3c
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://security.netapp.com/advisory/ntap-20191205-0001/
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- https://usn.ubuntu.com/4286-2/
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://usn.ubuntu.com/4286-1/
- https://usn.ubuntu.com/4300-1/
- https://usn.ubuntu.com/4301-1/
- https://usn.ubuntu.com/4302-1/
CVE-2019-19012: An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before…
Published: 2019-11-17T18:15:00 Last Modified: 2020-08-24T17:37:00
Summary
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read in which the offset of the read is under the control of an attacker. (This only affects the 32-bit compiled version.) Remote attackers can cause a denial of service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-19012 vulnerability.
References
- https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2
- https://github.com/kkos/oniguruma/issues/164
- https://github.com/tarantula-team/CVE-2019-19012
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/
- https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/
- https://usn.ubuntu.com/4460-1/
CVE-2011-2726: An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the…
Published: 2019-11-15T17:15:00 Last Modified: 2019-12-03T19:49:00
Summary
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2011-2726 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2011-2726
- https://access.redhat.com/security/cve/cve-2011-2726
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2726
- http://www.openwall.com/lists/oss-security/2012/03/19/10
- https://www.drupal.org/node/1231510
- http://www.openwall.com/lists/oss-security/2012/03/20/14
CVE-2016-5285: A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a…
Published: 2019-11-15T16:15:00 Last Modified: 2020-01-09T20:15:00
Summary
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-5285 vulnerability.
References
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html
- http://rhn.redhat.com/errata/RHSA-2016-2779.html
- http://www.ubuntu.com/usn/USN-3163-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html
- https://bto.bluecoat.com/security-advisory/sa137
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html
- https://security.gentoo.org/glsa/201701-46
- http://www.securityfocus.com/bid/94349
CVE-2018-12207: Improper invalidation for page table updates by a virtual guest operating system for multiple…
Published: 2019-11-14T20:15:00 Last Modified: 2020-07-15T03:15:00
Summary
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-12207 vulnerability.
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/
- https://access.redhat.com/errata/RHSA-2019:3916
- https://access.redhat.com/errata/RHSA-2019:3936
- https://access.redhat.com/errata/RHSA-2019:3941
- https://usn.ubuntu.com/4186-2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/
- https://support.f5.com/csp/article/K17269881?utm_source=f5support&utm_medium=RSS
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html
- https://access.redhat.com/errata/RHSA-2020:0028
- https://access.redhat.com/errata/RHSA-2020:0026
- https://www.debian.org/security/2020/dsa-4602
- https://seclists.org/bugtraq/2020/Jan/21
- https://access.redhat.com/errata/RHSA-2020:0204
- https://security.gentoo.org/glsa/202003-56
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2019-0155: Insufficient access control in a subsystem for Intel(R) processor graphics in 6th, 7th, 8th and…
Published: 2019-11-14T19:15:00 Last Modified: 2021-07-21T11:39:00
Summary
Insufficient access control in a subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka 15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-0155 vulnerability.
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html
- https://access.redhat.com/errata/RHSA-2019:3887
- https://access.redhat.com/errata/RHSA-2019:3889
- https://access.redhat.com/errata/RHSA-2019:3841
- https://seclists.org/bugtraq/2019/Nov/26
- http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://access.redhat.com/errata/RHSA-2019:3908
- https://support.f5.com/csp/article/K73659122?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/4186-2/
- https://access.redhat.com/errata/RHSA-2020:0204
- https://security.netapp.com/advisory/ntap-20200320-0005/
CVE-2019-14818: A flaw was found in all dpdk versions 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before…
Published: 2019-11-14T17:15:00 Last Modified: 2021-11-02T18:28:00
Summary
A flaw was found in all dpdk versions 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1, where a malicious master, or a container with access to the vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak that includes file descriptors. This flaw could lead to a denial of service condition.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14818 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818
- https://bugs.dpdk.org/show_bug.cgi?id=363
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/
- https://access.redhat.com/errata/RHSA-2020:0165
- https://access.redhat.com/errata/RHSA-2020:0166
- https://access.redhat.com/errata/RHSA-2020:0168
- https://access.redhat.com/errata/RHSA-2020:0171
- https://access.redhat.com/errata/RHSA-2020:0172
CVE-2012-1156: Moodle before 2.2.2 has users’ private files included in course backups.
Published: 2019-11-14T16:15:00 Last Modified: 2019-11-22T18:41:00
Summary
Moodle before 2.2.2 has users’ private files included in course backups.
Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File
CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2012-1156 vulnerability.
References
- https://access.redhat.com/security/cve/cve-2012-1156
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156
- https://moodle.org/mod/forum/discuss.php?d=198623
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
- https://security-tracker.debian.org/tracker/CVE-2012-1156
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
CVE-2012-1168: Moodle before 2.2.2 has a password and web services issue where when the user profile is updated…
Published: 2019-11-14T16:15:00 Last Modified: 2019-11-22T18:32:00
Summary
Moodle before 2.2.2 has a password and web services issue: when the user profile is updated, the user password is reset if it is not specified.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2012-1168 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2012-1168
- https://access.redhat.com/security/cve/cve-2012-1168
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1168
- https://moodle.org/mod/forum/discuss.php?d=198622
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
CVE-2012-1155: Moodle has a database activity export permission issue where the export function of the database…
Published: 2019-11-14T16:15:00 Last Modified: 2019-11-22T18:44:00
Summary
Moodle has a database activity export permission issue: the export function of the database activity module exports all entries, even those from groups the user does not belong to.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2012-1155 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2012-1155
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
- https://moodle.org/mod/forum/discuss.php?d=198621
- https://access.redhat.com/security/cve/cve-2012-1155
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1155
CVE-2011-1145: The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow…
Published: 2019-11-14T02:15:00 Last Modified: 2019-11-19T21:02:00
Summary
The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when a large value is specified for the SAVEFILE parameter in the connection string.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2011-1145 vulnerability.
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-1145
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1145
- https://security-tracker.debian.org/tracker/CVE-2011-1145
- https://access.redhat.com/security/cve/cve-2011-1145
CVE-2010-4664: In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw…
Published: 2019-11-13T22:15:00 Last Modified: 2019-11-18T14:44:00
Summary
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2010-4664 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2010-4664
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4664
- https://access.redhat.com/security/cve/cve-2010-4664
CVE-2010-4657: PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which…
Published: 2019-11-13T21:15:00 Last Modified: 2019-11-20T13:45:00
Summary
PHP5 before 5.4.4 allows passing invalid UTF-8 strings via xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in a memory leak into the resulting output.
Common Weakness Enumeration (CWE): CWE-772: Missing Release of Resource after Effective Lifetime
CWE Description: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2010-4657 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2010-4657
- https://access.redhat.com/security/cve/cve-2010-4657
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4657
- https://bugs.launchpad.net/php/%2Bbug/655442
CVE-2010-4661: udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
Published: 2019-11-13T21:15:00 Last Modified: 2019-11-18T19:30:00
Summary
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
Common Weakness Enumeration (CWE): CWE-434: Unrestricted Upload of File with Dangerous Type
CWE Description: This can be resultant from client-side enforcement (CWE-602); some products will include web script in web clients to check the filename, without verifying on the server side.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2010-4661 vulnerability.
References
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00000.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4661
- https://access.redhat.com/security/cve/cve-2010-4661
- https://security-tracker.debian.org/tracker/CVE-2010-4661
CVE-2011-2897: gdk-pixbuf through 2.31.1 has a GIF loader buffer overflow when initializing decompression tables…
Published: 2019-11-12T14:15:00 Last Modified: 2019-11-14T15:28:00
Summary
gdk-pixbuf through 2.31.1 has a GIF loader buffer overflow when initializing decompression tables, due to an input validation flaw.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2011-2897 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2011-2897
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897
- https://access.redhat.com/security/cve/cve-2011-2897
CVE-2019-14824: A flaw was found in the ‘deref’ plugin of 389-ds-base where it could use the ‘search’ permission…
Published: 2019-11-08T15:15:00 Last Modified: 2020-12-04T18:15:00
Summary
A flaw was found in the ‘deref’ plugin of 389-ds-base where it could use the ‘search’ permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.8
- CVSS: 3.5
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14824 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824
- https://access.redhat.com/errata/RHSA-2019:3981
- https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html
- https://access.redhat.com/errata/RHSA-2020:0464
CVE-2019-18811: A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux…
Published: 2019-11-07T16:15:00 Last Modified: 2020-08-24T17:37:00
Summary
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-18811 vulnerability.
References
- https://github.com/torvalds/linux/commit/45c1380358b12bf2d1db20a5874e9544f56b34ab
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/
- https://usn.ubuntu.com/4284-1/
CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is…
Published: 2019-11-07T14:15:00 Last Modified: 2021-06-22T14:47:00
Summary
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-18805 vulnerability.
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://access.redhat.com/errata/RHSA-2020:0740
CVE-2016-1000037: Pagure: XSS possible in file attachment endpoint
Published: 2019-11-06T19:15:00 Last Modified: 2019-11-08T17:43:00
Summary
Pagure: XSS possible in file attachment endpoint.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-1000037 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2016-1000037
- https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037
CVE-2014-8181: The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer,…
Published: 2019-11-06T15:15:00 Last Modified: 2021-07-15T19:16:00
Summary
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data from the SG_IO buffer, which may leak sensitive information to userspace.
Common Weakness Enumeration (CWE): CWE-665: Improper Initialization
CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2014-8181 vulnerability.
References
CVE-2016-4983: A postinstall script in the dovecot rpm allows local users to read the contents of newly created…
Published: 2019-11-05T22:15:00 Last Modified: 2019-11-08T16:20:00
Summary
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2016-4983 vulnerability.
References
- http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html
- https://bugzilla.suse.com/show_bug.cgi?id=984639
- https://bugzilla.redhat.com/show_bug.cgi?id=1346055
CVE-2013-5661: A cache poisoning issue exists in DNS Response Rate Limiting.
Published: 2019-11-05T19:15:00 Last Modified: 2019-11-08T19:04:00
Summary
A cache poisoning issue exists in DNS Response Rate Limiting.
Common Weakness Enumeration (CWE): CWE-290: Authentication Bypass by Spoofing
CWE Description: This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2013-5661 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661
- https://security-tracker.debian.org/tracker/CVE-2013-5661
CVE-2016-1000002: gdm3 3.14.2 and possibly later has an information leak before screen lock.
Published: 2019-11-05T14:15:00 Last Modified: 2020-08-18T15:05:00
Summary
gdm3 3.14.2 and possibly later has an information leak before screen lock.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2016-1000002 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2016-1000002
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002
- https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002
CVE-2013-4409: An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review…
Published: 2019-11-04T21:15:00 Last Modified: 2019-11-08T21:34:00
Summary
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2013-4409 vulnerability.
References
- https://access.redhat.com/security/cve/cve-2013-4409
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html
- https://security-tracker.debian.org/tracker/CVE-2013-4409
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88059
- http://www.securityfocus.com/bid/63029
CVE-2015-8980: The plural form formula in the ngettext family of calls in php-gettext before 1.0.12 allows remote…
Published: 2019-11-04T21:15:00 Last Modified: 2019-11-06T14:30:00
Summary
The plural form formula in the ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2015-8980 vulnerability.
References
- http://www.securityfocus.com/bid/95754
- https://launchpad.net/php-gettext/trunk/1.0.12
- https://bugzilla.redhat.com/show_bug.cgi?id=1367462
- https://lwn.net/Alerts/708838/
- http://seclists.org/fulldisclosure/2016/Aug/76
- http://www.openwall.com/lists/oss-security/2017/01/18/4
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00015.html
CVE-2017-5333: Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in…
Published: 2019-11-04T21:15:00 Last Modified: 2019-11-07T19:59:00
Summary
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5333 vulnerability.
References
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html
- https://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
- http://www.openwall.com/lists/oss-security/2017/01/11/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1412259
- http://www.debian.org/security/2017/dsa-3765
- http://www.ubuntu.com/usn/USN-3178-1
- http://rhn.redhat.com/errata/RHSA-2017-0837.html
- http://www.securityfocus.com/bid/95678
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html
CVE-2017-5332: The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access…
Published: 2019-11-04T21:15:00 Last Modified: 2019-11-06T19:01:00
Summary
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5332 vulnerability.
References
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html
- https://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
- https://bugzilla.redhat.com/show_bug.cgi?id=1412263
- http://www.openwall.com/lists/oss-security/2017/01/11/3
- http://www.debian.org/security/2017/dsa-3765
- http://www.securityfocus.com/bid/95380
- http://www.ubuntu.com/usn/USN-3178-1
- http://rhn.redhat.com/errata/RHSA-2017-0837.html
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html
CVE-2013-4251: The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
Published: 2019-11-04T20:15:00 Last Modified: 2019-11-08T18:51:00
Summary
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2013-4251 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2013-4251
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4251
- https://access.redhat.com/security/cve/cve-2013-4251
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4251
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88052
- https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119759.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119771.html
- http://www.securityfocus.com/bid/63008
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120696.html
CVE-2005-4890: There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via “su -…
Published: 2019-11-04T19:15:00 Last Modified: 2020-08-18T15:05:00
Summary
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via “su - user -c program”. The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2005-4890 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890
- https://access.redhat.com/security/cve/cve-2005-4890
- http://www.openwall.com/lists/oss-security/2013/05/20/3
- http://www.openwall.com/lists/oss-security/2014/10/20/9
- http://www.openwall.com/lists/oss-security/2013/11/29/5
- http://www.openwall.com/lists/oss-security/2013/11/28/10
- http://www.openwall.com/lists/oss-security/2016/02/25/6
- http://www.openwall.com/lists/oss-security/2014/12/15/5
- http://www.openwall.com/lists/oss-security/2014/10/21/1
- https://security-tracker.debian.org/tracker/CVE-2005-4890
- http://www.openwall.com/lists/oss-security/2012/11/06/8
CVE-2019-6470: There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd…
Published: 2019-11-01T23:15:00 Last Modified: 2019-11-06T21:52:00
Summary
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-6470 vulnerability.
References
- https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html
- https://access.redhat.com/errata/RHSA-2019:2060
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122
- https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html
- https://access.redhat.com/errata/RHSA-2019:3525
CVE-2013-3718: evince is missing a check on number of pages which can lead to a segmentation fault
Published: 2019-11-01T13:15:00 Last Modified: 2019-11-05T20:17:00
Summary
evince is missing a check on the number of pages, which can lead to a segmentation fault.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2013-3718 vulnerability.
References
- https://security-tracker.debian.org/tracker/CVE-2013-3718
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718
- http://bugzilla.gnome.org/show_bug.cgi?id=701302
CVE-2013-4751: php-symfony2-Validator has loss of information during serialization
Published: 2019-11-01T13:15:00 Last Modified: 2019-11-06T15:53:00
Summary
php-symfony2-Validator has loss of information during serialization.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 4.9
- Exploitability Score: 6.8
- CVSS: 4.9
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2013-4751 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4751
- http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
- http://www.securityfocus.com/bid/61709
- http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114380.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114436.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86364
CVE-2019-17596: Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic…
Published: 2019-10-24T22:15:00 Last Modified: 2021-11-30T19:42:00
Summary
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Common Weakness Enumeration (CWE): CWE-436: Interpretation Conflict
CWE Description: Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-17596 vulnerability.
References
- https://github.com/golang/go/issues/34960
- https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ
- https://www.debian.org/security/2019/dsa-4551
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html
- https://security.netapp.com/advisory/ntap-20191122-0005/
- https://access.redhat.com/errata/RHSA-2020:0101
- https://access.redhat.com/errata/RHSA-2020:0329
- https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46
CVE-2019-17631: From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or…
Published: 2019-10-17T18:15:00 Last Modified: 2020-10-16T14:20:00
Summary
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-17631 vulnerability.
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=552129
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-2975: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting)…
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T12:29:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2975 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
- https://kc.mcafee.com/corporate/index?page=content&id=SB10315
CVE-2019-2987: Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that…
Published: 2019-10-16T18:15:00 Last Modified: 2020-08-18T15:05:00
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2987 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
CVE-2019-2978: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking)…
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2978 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-2983: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component:…
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2983 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-2973: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP)…
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2973 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-2981: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP)…
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2981 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-2992: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D)…
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2992 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-2945: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking)….
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2945 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-2962: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D)….
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2962 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-2989: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking)….
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2989 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
- https://kc.mcafee.com/corporate/index?page=content&id=SB10315
CVE-2019-2949: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos)….
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2949 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://support.f5.com/csp/article/K54213762?utm_source=f5support&utm_medium=RSS
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://kc.mcafee.com/corporate/index?page=content&id=SB10315
CVE-2019-2964: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component:…
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2964 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-2988: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D)….
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2988 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-2999: Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions…
Published: 2019-10-16T18:15:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
Scores
- Impact Score: 4.9
- Exploitability Score: 4.9
- CVSS: 4.0
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2999 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://access.redhat.com/errata/RHSA-2019:3136
- https://www.debian.org/security/2019/dsa-4546
- https://seclists.org/bugtraq/2019/Oct/27
- https://seclists.org/bugtraq/2019/Oct/31
- https://www.debian.org/security/2019/dsa-4548
- https://access.redhat.com/errata/RHSA-2019:3157
- https://access.redhat.com/errata/RHSA-2019:3158
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4110
- https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
- https://usn.ubuntu.com/4223-1/
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
CVE-2019-14823: A flaw was found in the “Leaf and Chain” OCSP policy implementation in JSS’ CryptoManager…
Published: 2019-10-14T20:15:00 Last Modified: 2019-10-25T19:15:00
Summary
A flaw was found in the “Leaf and Chain” OCSP policy implementation in JSS’ CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14823 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823
- https://access.redhat.com/errata/RHSA-2019:3067
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/
- https://access.redhat.com/errata/RHSA-2019:3225
CVE-2019-6465: Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if…
Published: 2019-10-09T16:15:00 Last Modified: 2019-12-16T16:57:00
Summary
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-6465 vulnerability.
References
CVE-2019-15166: lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
Published: 2019-10-03T17:15:00 Last Modified: 2021-09-23T20:15:00
Summary
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-15166 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14462: The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14462 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14463: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14463 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14469: The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14469 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14461: The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14461 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14467: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-…
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14467 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14465: The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14465 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14468: The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14468 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.f5.com/csp/article/K04367730?utm_source=f5support&utm_medium=RSS
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14882: The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14882 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14881: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-…
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14881 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14470: The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14470 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14464: The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-…
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14464 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14466: The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and…
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14466 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14879: The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in…
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14879 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.f5.com/csp/article/K51512510?utm_source=f5support&utm_medium=RSS
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-14880: The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-…
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14880 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://support.f5.com/csp/article/K56551263?utm_source=f5support&utm_medium=RSS
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-16227: The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the…
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16227 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-16229: The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16229 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-16451: The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for…
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16451 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-16228: The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16228 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2018-16230: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()…
Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00
Summary
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16230 vulnerability.
References
- https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f
- https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
- https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
- https://seclists.org/bugtraq/2019/Oct/28
- https://www.debian.org/security/2019/dsa-4547
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/
- https://support.apple.com/kb/HT210788
- https://seclists.org/bugtraq/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- https://security.netapp.com/advisory/ntap-20200120-0001/
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
CVE-2019-16276: Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
Published: 2019-09-30T19:15:00 Last Modified: 2021-03-22T13:19:00
Summary
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)
CWE Description: When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-16276 vulnerability.
References
- https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ
- https://github.com/golang/go/issues/34540
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html
- https://security.netapp.com/advisory/ntap-20191122-0004/
- https://access.redhat.com/errata/RHSA-2020:0101
- https://access.redhat.com/errata/RHSA-2020:0329
- https://access.redhat.com/errata/RHSA-2020:0652
- https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html
CVE-2019-16994: In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when…
Published: 2019-09-30T13:15:00 Last Modified: 2021-07-21T11:39:00
Summary
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-16994 vulnerability.
References
- https://github.com/torvalds/linux/commit/07f12b26e21ab359261bf75cfcb424fdc7daeb6d
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07f12b26e21ab359261bf75cfcb424fdc7daeb6d
- https://security.netapp.com/advisory/ntap-20191031-0005/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
CVE-2019-16680: An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path…
Published: 2019-09-21T21:15:00 Last Modified: 2019-12-20T17:23:00
Summary
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-16680 vulnerability.
References
- https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2
- https://bugzilla.gnome.org/show_bug.cgi?id=794337
- https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e24dae711e4fb0d6777e0016cdda8787bc1
- https://usn.ubuntu.com/4139-1/
- https://www.debian.org/security/2019/dsa-4537
- https://seclists.org/bugtraq/2019/Sep/57
- https://lists.debian.org/debian-lts-announce/2019/09/msg00032.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1767594
CVE-2019-14814: There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the…
Published: 2019-09-20T19:15:00 Last Modified: 2021-11-02T18:28:00
Summary
There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver in the Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14814 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- https://access.redhat.com/security/cve/cve-2019-14814
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- http://www.openwall.com/lists/oss-security/2019/08/28/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://usn.ubuntu.com/4157-1/
- https://usn.ubuntu.com/4157-2/
- https://usn.ubuntu.com/4162-1/
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
- https://usn.ubuntu.com/4162-2/
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://seclists.org/bugtraq/2019/Nov/11
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://access.redhat.com/errata/RHSA-2020:0174
- https://access.redhat.com/errata/RHSA-2020:0328
- https://access.redhat.com/errata/RHSA-2020:0339
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
CVE-2019-14816: There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell…
Published: 2019-09-20T19:15:00 Last Modified: 2021-11-02T18:28:00
Summary
There is a heap-based buffer overflow in the kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver in the Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14816 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3
- http://www.openwall.com/lists/oss-security/2019/08/28/1
- https://access.redhat.com/security/cve/cve-2019-14816
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://usn.ubuntu.com/4157-1/
- https://usn.ubuntu.com/4157-2/
- https://usn.ubuntu.com/4162-1/
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
- https://usn.ubuntu.com/4162-2/
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://seclists.org/bugtraq/2019/Nov/11
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://access.redhat.com/errata/RHSA-2020:0174
- https://access.redhat.com/errata/RHSA-2020:0204
- https://access.redhat.com/errata/RHSA-2020:0328
- https://access.redhat.com/errata/RHSA-2020:0339
- https://access.redhat.com/errata/RHSA-2020:0375
- https://access.redhat.com/errata/RHSA-2020:0374
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://access.redhat.com/errata/RHSA-2020:0653
- https://access.redhat.com/errata/RHSA-2020:0661
- https://access.redhat.com/errata/RHSA-2020:0664
CVE-2019-14821: An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way…
Published: 2019-09-19T18:15:00 Last Modified: 2021-06-02T15:22:00
Summary
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel’s KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer ‘struct kvm_coalesced_mmio’ object, wherein write indices ‘ring->first’ and ‘ring->last’ value could be supplied by a host user-space process. An unprivileged host user or process with access to ‘/dev/kvm’ device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14821 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
- http://www.openwall.com/lists/oss-security/2019/09/20/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/
- https://www.debian.org/security/2019/dsa-4531
- https://seclists.org/bugtraq/2019/Sep/41
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
- https://security.netapp.com/advisory/ntap-20191004-0001/
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
- https://usn.ubuntu.com/4157-1/
- https://usn.ubuntu.com/4157-2/
- https://usn.ubuntu.com/4162-1/
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
- https://usn.ubuntu.com/4162-2/
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2019:3309
- https://seclists.org/bugtraq/2019/Nov/11
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://access.redhat.com/errata/RHSA-2019:3978
- https://access.redhat.com/errata/RHSA-2019:3979
- https://access.redhat.com/errata/RHSA-2019:4154
- https://access.redhat.com/errata/RHSA-2019:4256
- https://access.redhat.com/errata/RHSA-2020:0027
- https://access.redhat.com/errata/RHSA-2020:0204
- https://www.oracle.com/security-alerts/cpuapr2020.html
CVE-2019-14826: A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache…
Published: 2019-09-17T16:15:00 Last Modified: 2019-10-09T23:46:00
Summary
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
Common Weakness Enumeration (CWE): CWE-613: Insufficient Session Expiration
CWE Description: According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14826 vulnerability.
References
CVE-2019-14835: A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel’s…
Published: 2019-09-17T16:15:00 Last Modified: 2021-06-02T15:44:00
Summary
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel’s vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host while migration is underway could use this flaw to increase their privileges on the host.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-14835 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835
- https://www.openwall.com/lists/oss-security/2019/09/17/1
- https://usn.ubuntu.com/4135-2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/
- https://access.redhat.com/errata/RHSA-2019:2828
- https://access.redhat.com/errata/RHSA-2019:2827
- https://access.redhat.com/errata/RHSA-2019:2830
- https://access.redhat.com/errata/RHSA-2019:2829
- https://access.redhat.com/errata/RHSA-2019:2854
- https://access.redhat.com/errata/RHSA-2019:2863
- https://access.redhat.com/errata/RHSA-2019:2862
- https://access.redhat.com/errata/RHSA-2019:2865
- https://access.redhat.com/errata/RHSA-2019:2864
- https://access.redhat.com/errata/RHSA-2019:2866
- https://access.redhat.com/errata/RHSA-2019:2867
- https://access.redhat.com/errata/RHSA-2019:2869
- http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html
- http://www.openwall.com/lists/oss-security/2019/09/24/1
- https://access.redhat.com/errata/RHSA-2019:2889
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://seclists.org/bugtraq/2019/Sep/41
- https://www.debian.org/security/2019/dsa-4531
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://access.redhat.com/errata/RHSA-2019:2900
- https://access.redhat.com/errata/RHSA-2019:2901
- https://access.redhat.com/errata/RHSA-2019:2899
- https://access.redhat.com/errata/RHSA-2019:2924
- https://usn.ubuntu.com/4135-1/
- https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
- http://www.openwall.com/lists/oss-security/2019/10/03/1
- http://www.openwall.com/lists/oss-security/2019/10/09/3
- http://www.openwall.com/lists/oss-security/2019/10/09/7
- https://access.redhat.com/errata/RHBA-2019:2824
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://seclists.org/bugtraq/2019/Nov/11
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en
CVE-2019-15030: In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector…
Published: 2019-09-13T13:15:00 Last Modified: 2020-08-24T17:37:00
Summary
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users’ processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-15030 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60
- http://www.openwall.com/lists/oss-security/2019/09/10/3
- https://usn.ubuntu.com/4135-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://usn.ubuntu.com/4135-1/
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://access.redhat.com/errata/RHSA-2020:0740
CVE-2019-15031: In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector…
Published: 2019-09-13T13:15:00 Last Modified: 2021-07-21T11:39:00
Summary
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users’ processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.
Common Weakness Enumeration (CWE): CWE-662: Improper Synchronization
CWE Description: The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-15031 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8318c13e79badb92bc6640704a64cc022a6eb97
- http://www.openwall.com/lists/oss-security/2019/09/10/4
- https://usn.ubuntu.com/4135-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://usn.ubuntu.com/4135-1/
- https://security.netapp.com/advisory/ntap-20191004-0001/
CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return…
Published: 2019-09-11T16:15:00 Last Modified: 2020-05-04T20:22:00
Summary
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-16231 vulnerability.
References
- https://lkml.org/lkml/2019/9/9/487
- https://security.netapp.com/advisory/ntap-20191004-0001/
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4227-2/
- https://usn.ubuntu.com/4225-2/
CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue…
Published: 2019-09-11T16:15:00 Last Modified: 2020-05-06T15:15:00
Summary
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-16233 vulnerability.
References
- https://lkml.org/lkml/2019/9/9/487
- https://security.netapp.com/advisory/ntap-20191004-0001/
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4227-2/
- https://usn.ubuntu.com/4346-1/
CVE-2019-16229: ** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not…
Published: 2019-09-11T16:15:00 Last Modified: 2020-05-04T17:41:00
Summary
** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issue as not being serious enough to deserve a CVE ID.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-16229 vulnerability.
References
- https://lkml.org/lkml/2019/9/9/487
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://bugzilla.suse.com/show_bug.cgi?id=1150469#c3
- https://usn.ubuntu.com/4285-1/
- https://usn.ubuntu.com/4287-1/
- https://usn.ubuntu.com/4287-2/
- https://usn.ubuntu.com/4284-1/
CVE-2019-9854: LibreOffice has a feature where documents can specify that pre-installed macros can be executed…
Published: 2019-09-06T19:15:00 Last Modified: 2020-08-24T17:37:00
Summary
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open, etc. Access is intended to be restricted to scripts under the share/Scripts/python and user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However, this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed-in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-9854 vulnerability.
References
- https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9854/
- https://www.debian.org/security/2019/dsa-4519
- https://seclists.org/bugtraq/2019/Sep/17
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQKKOIY2DMZCXJINOLIQXD2NWISDKK3N/
- https://usn.ubuntu.com/4138-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html
- https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1769907
CVE-2019-14813: A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where…
Published: 2019-09-06T14:15:00 Last Modified: 2020-10-16T13:20:00
Summary
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14813 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
- https://www.debian.org/security/2019/dsa-4518
- https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html
- https://seclists.org/bugtraq/2019/Sep/15
- https://access.redhat.com/errata/RHSA-2019:2594
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
- https://access.redhat.com/errata/RHBA-2019:2824
- https://security.gentoo.org/glsa/202004-03
CVE-2019-1125: An information disclosure vulnerability exists when certain central processing units (CPU)…
Published: 2019-09-03T18:15:00 Last Modified: 2020-08-24T17:37:00
Summary
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2019-1125 vulnerability.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125
- https://access.redhat.com/errata/RHSA-2019:2600
- https://access.redhat.com/errata/RHSA-2019:2609
- https://access.redhat.com/errata/RHSA-2019:2695
- https://access.redhat.com/errata/RHSA-2019:2696
- https://access.redhat.com/errata/RHSA-2019:2730
- https://kc.mcafee.com/corporate/index?page=content&id=SB10297
- https://access.redhat.com/errata/RHSA-2019:2899
- https://access.redhat.com/errata/RHSA-2019:2900
- https://access.redhat.com/errata/RHSA-2019:2975
- https://access.redhat.com/errata/RHSA-2019:3011
- https://access.redhat.com/errata/RHBA-2019:2824
- https://access.redhat.com/errata/RHSA-2019:3220
- https://access.redhat.com/errata/RHBA-2019:3248
- https://www.synology.com/security/advisory/Synology_SA_19_32
- http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en
CVE-2019-15807: In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c…
Published: 2019-08-29T18:15:00 Last Modified: 2020-08-24T17:37:00
Summary
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-15807 vulnerability.
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0541791453fbe7f42867e310e0c9eb6295364d
- https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://support.f5.com/csp/article/K52136304?utm_source=f5support&utm_medium=RSS
CVE-2019-10086: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows…
Published: 2019-08-20T21:15:00 Last Modified: 2022-02-07T16:15:00
Summary
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, PropertyUtilsBean did not use this introspector by default, so the class property, and through it the classloader, remained reachable unless an application opted in.
Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data
CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10086 vulnerability.
References
- http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e
- https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html
- https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html
- https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E
- https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E
- https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E
- https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/
- https://access.redhat.com/errata/RHSA-2019:4317
- https://access.redhat.com/errata/RHSA-2020:0057
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0194
- https://access.redhat.com/errata/RHSA-2020:0811
- https://access.redhat.com/errata/RHSA-2020:0804
- https://access.redhat.com/errata/RHSA-2020:0805
- https://access.redhat.com/errata/RHSA-2020:0806
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E
- https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E
- https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E
- https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E
- https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E
- https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E
- https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E
- https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E
- https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E
- https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E
- https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E
- https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E
- https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E
- https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E
- https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E
- https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E
- https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E
- https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2019-10140: A vulnerability was found in Linux kernel’s, versions up to 3.10, implementation of overlayfs. An…
Published: 2019-08-15T17:15:00 Last Modified: 2019-09-06T00:15:00
Summary
A vulnerability was found in the Linux kernel's implementation of overlayfs, in versions up to 3.10. An attacker with local access can cause a denial of service via a NULL pointer dereference in the ovl_posix_acl_create function in fs/overlayfs/dir.c: any attacker able to create directories on an overlayfs mount can crash the kernel.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-10140 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140
- https://security.netapp.com/advisory/ntap-20190905-0002/
CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low…
Published: 2019-08-14T17:15:00 Last Modified: 2021-11-04T15:58:00
Summary
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka “KNOB”) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
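The security point above is that the key-size negotiation is neither authenticated nor integrity-protected, so the only defence a stack controls is the floor it refuses to go below. The following is an added example, not code from the page, the paper, or any Bluetooth stack: a simplified model of the proposal/counter-proposal exchange (not the real LMP PDU encoding) in which an over-the-air attacker impersonates each side to the other and negotiates one octet with both. The `Device` class, its defaults (16-octet maximum, 1-octet minimum, which is what the specification permits) and the 7-octet floor used below, the minimum the Bluetooth SIG statement linked in the references recommends, are the example's assumptions.

```python
"""Simplified model of Bluetooth BR/EDR encryption key-size negotiation
and the KNOB downgrade (added example; not the real LMP PDU format)."""


class Device:
    """One BR/EDR side. The spec allows 1..16 octets; min_size is the
    local policy floor. The defaults model an unpatched stack."""

    def __init__(self, name, max_size=16, min_size=1):
        if not 1 <= min_size <= max_size <= 16:
            raise ValueError("key sizes must satisfy 1 <= min <= max <= 16")
        self.name, self.max_size, self.min_size = name, max_size, min_size
        self.key_size = None

    def handle(self, proposal):
        """Answer a key-size request: refuse, counter-offer, or accept."""
        if proposal < self.min_size:
            return "NOT_ACCEPTED", None
        if proposal > self.max_size:
            return "KEY_SIZE_REQ", self.max_size   # counter with own maximum
        self.key_size = proposal
        return "ACCEPTED", proposal


def negotiate(proposer, peer, max_rounds=4):
    """Two-party negotiation: the proposer offers its maximum; the peer
    accepts, counters with its own maximum, or refuses. Returns the agreed
    size or None. Nothing in the exchange is authenticated."""
    size = proposer.max_size
    for _ in range(max_rounds):
        verdict, counter = peer.handle(size)
        if verdict == "ACCEPTED":
            proposer.key_size = size
            return size
        if verdict == "NOT_ACCEPTED":
            return None
        proposer, peer, size = peer, proposer, counter  # counter-offer: roles swap
    return None


def knob_attack(master, slave, forced=1):
    """The attacker impersonates each side to the other and runs a separate
    negotiation with both, proposing `forced` octets. Returns the sizes the
    slave and the master each agreed to (None where a side refused)."""
    as_master = Device("MITM(as master)", max_size=forced, min_size=forced)
    as_slave = Device("MITM(as slave)", max_size=forced, min_size=forced)
    return negotiate(as_master, slave), negotiate(as_slave, master)


def brute_force_keyspace(key_octets):
    """Number of keys to try once entropy is reduced to key_octets."""
    return 2 ** (8 * key_octets)


if __name__ == "__main__":
    print("honest:", negotiate(Device("master"), Device("slave")))
    print("KNOB, unpatched:", knob_attack(Device("master"), Device("slave")))
    print("KNOB, 7-octet floor:",
          knob_attack(Device("master", min_size=7), Device("slave", min_size=7)))
    print("keys to try at 1 octet:", brute_force_keyspace(1))
```

With both sides unpatched the attacker lands on one octet, which is 256 keys; a floor of 7 octets makes each side refuse the downgraded proposal, and a single patched side still protects itself because it refuses rather than accepts. Raising the floor is a policy change that can break pairing with old peripherals, which is why the vendor fixes in the references chose 7 rather than 16.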
Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
Scores
- Impact Score: 4.9
- Exploitability Score: 6.5
- CVSS: 4.8
- CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2019-9506 vulnerability.
References
- https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/
- https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli
- http://www.cs.ox.ac.uk/publications/publication12404-abstract.html
- https://www.kb.cert.org/vuls/id/918987/
- http://seclists.org/fulldisclosure/2019/Aug/13
- http://seclists.org/fulldisclosure/2019/Aug/14
- http://seclists.org/fulldisclosure/2019/Aug/11
- http://seclists.org/fulldisclosure/2019/Aug/15
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4118-1/
- https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://usn.ubuntu.com/4147-1/
- https://access.redhat.com/errata/RHSA-2019:2975
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
- https://access.redhat.com/errata/RHSA-2019:3055
- https://access.redhat.com/errata/RHSA-2019:3076
- https://access.redhat.com/errata/RHSA-2019:3089
- https://access.redhat.com/errata/RHSA-2019:3187
- https://access.redhat.com/errata/RHSA-2019:3217
- https://access.redhat.com/errata/RHSA-2019:3218
- https://access.redhat.com/errata/RHSA-2019:3165
- https://access.redhat.com/errata/RHSA-2019:3220
- https://access.redhat.com/errata/RHSA-2019:3231
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2020:0204
CVE-2019-9513: Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of…
Published: 2019-08-13T21:15:00 Last Modified: 2021-01-30T02:36:00
Summary
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-9513 vulnerability.
References
- https://kb.cert.org/vuls/id/605641/
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://usn.ubuntu.com/4099-1/
- https://www.synology.com/security/advisory/Synology_SA_19_33
- https://support.f5.com/csp/article/K02591030
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
- https://seclists.org/bugtraq/2019/Aug/40
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/
- https://www.debian.org/security/2019/dsa-4505
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://security.netapp.com/advisory/ntap-20190823-0002/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/
- https://seclists.org/bugtraq/2019/Sep/1
- https://www.debian.org/security/2019/dsa-4511
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
- https://access.redhat.com/errata/RHSA-2019:2692
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://access.redhat.com/errata/RHSA-2019:2746
- https://access.redhat.com/errata/RHSA-2019:2745
- https://access.redhat.com/errata/RHSA-2019:2775
- https://access.redhat.com/errata/RHSA-2019:2799
- https://access.redhat.com/errata/RHSA-2019:2925
- https://access.redhat.com/errata/RHSA-2019:2939
- https://access.redhat.com/errata/RHSA-2019:2949
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:2955
- https://access.redhat.com/errata/RHSA-2019:2966
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html
- https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:3041
- https://access.redhat.com/errata/RHSA-2019:3935
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3932
- https://www.debian.org/security/2020/dsa-4669
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
CVE-2019-9515: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial…
Published: 2019-08-13T21:15:00 Last Modified: 2020-10-22T17:22:00
Summary
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-9515 vulnerability.
References
- https://kb.cert.org/vuls/id/605641/
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
- https://seclists.org/bugtraq/2019/Aug/24
- http://seclists.org/fulldisclosure/2019/Aug/16
- https://www.synology.com/security/advisory/Synology_SA_19_33
- https://support.f5.com/csp/article/K50233772
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
- https://seclists.org/bugtraq/2019/Aug/43
- https://www.debian.org/security/2019/dsa-4508
- https://www.debian.org/security/2019/dsa-4520
- https://seclists.org/bugtraq/2019/Sep/18
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://access.redhat.com/errata/RHSA-2019:2766
- https://access.redhat.com/errata/RHSA-2019:2796
- https://access.redhat.com/errata/RHSA-2019:2861
- https://access.redhat.com/errata/RHSA-2019:2925
- https://access.redhat.com/errata/RHSA-2019:2939
- https://access.redhat.com/errata/RHSA-2019:2955
- https://support.f5.com/csp/article/K50233772?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:3892
- https://access.redhat.com/errata/RHSA-2019:4018
- https://access.redhat.com/errata/RHSA-2019:4019
- https://access.redhat.com/errata/RHSA-2019:4021
- https://access.redhat.com/errata/RHSA-2019:4020
- https://access.redhat.com/errata/RHSA-2019:4041
- https://access.redhat.com/errata/RHSA-2019:4040
- https://access.redhat.com/errata/RHSA-2019:4042
- https://access.redhat.com/errata/RHSA-2019:4045
- https://access.redhat.com/errata/RHSA-2019:4352
- https://access.redhat.com/errata/RHSA-2020:0727
- https://usn.ubuntu.com/4308-1/
CVE-2019-9516: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of…
Published: 2019-08-13T21:15:00 Last Modified: 2021-01-30T02:36:00
Summary
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.0
- CVSS: 6.8
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-9516 vulnerability.
References
- https://kb.cert.org/vuls/id/605641/
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://seclists.org/bugtraq/2019/Aug/24
- https://usn.ubuntu.com/4099-1/
- http://seclists.org/fulldisclosure/2019/Aug/16
- https://www.synology.com/security/advisory/Synology_SA_19_33
- https://support.f5.com/csp/article/K02591030
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
- https://seclists.org/bugtraq/2019/Aug/40
- https://www.debian.org/security/2019/dsa-4505
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://security.netapp.com/advisory/ntap-20190823-0002/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://access.redhat.com/errata/RHSA-2019:2746
- https://access.redhat.com/errata/RHSA-2019:2745
- https://access.redhat.com/errata/RHSA-2019:2775
- https://access.redhat.com/errata/RHSA-2019:2799
- https://access.redhat.com/errata/RHSA-2019:2925
- https://access.redhat.com/errata/RHSA-2019:2939
- https://access.redhat.com/errata/RHSA-2019:2946
- https://access.redhat.com/errata/RHSA-2019:2950
- https://access.redhat.com/errata/RHSA-2019:2955
- https://access.redhat.com/errata/RHSA-2019:2966
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html
- https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:3935
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3932
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
CVE-2019-9511: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization…
Published: 2019-08-13T21:15:00 Last Modified: 2021-01-30T02:36:00
Summary
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-9511 vulnerability.
References
- https://kb.cert.org/vuls/id/605641/
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://usn.ubuntu.com/4099-1/
- https://www.synology.com/security/advisory/Synology_SA_19_33
- https://support.f5.com/csp/article/K02591030
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
- https://seclists.org/bugtraq/2019/Aug/40
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/
- https://www.debian.org/security/2019/dsa-4505
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://security.netapp.com/advisory/ntap-20190823-0002/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
- https://seclists.org/bugtraq/2019/Sep/1
- https://www.debian.org/security/2019/dsa-4511
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
- https://access.redhat.com/errata/RHSA-2019:2692
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://access.redhat.com/errata/RHSA-2019:2746
- https://access.redhat.com/errata/RHSA-2019:2745
- https://access.redhat.com/errata/RHSA-2019:2775
- https://access.redhat.com/errata/RHSA-2019:2799
- https://access.redhat.com/errata/RHSA-2019:2925
- https://access.redhat.com/errata/RHSA-2019:2939
- https://access.redhat.com/errata/RHSA-2019:2949
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:2955
- https://access.redhat.com/errata/RHSA-2019:2966
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html
- https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:3041
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3935
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3932
- https://access.redhat.com/errata/RHSA-2019:4018
- https://access.redhat.com/errata/RHSA-2019:4019
- https://access.redhat.com/errata/RHSA-2019:4021
- https://access.redhat.com/errata/RHSA-2019:4020
- https://www.debian.org/security/2020/dsa-4669
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
CVE-2019-9514: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of…
Published: 2019-08-13T21:15:00 Last Modified: 2020-12-09T00:15:00
Summary
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
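The five HTTP/2 entries above (CVE-2019-9513, CVE-2019-9515, CVE-2019-9516, CVE-2019-9511 and this one, CVE-2019-9514) share one shape: the client sends frames that are individually legal but cost the server work without ever advancing a request. The vendor fixes in the references take the same shape too: count such frames per connection and close the connection when the count outruns a budget. The following is an added example, not code from the page or from any of the servers listed: a minimal frame encoder/decoder following the RFC 7540 frame header (24-bit length, 8-bit type, 8-bit flags, 31-bit stream id), a classifier that maps inbound frames to the abuse classes of these CVEs, and a hypothetical budget policy. The HPACK check for the empty-header case handles only the non-Huffman literal forms; the reset flood of CVE-2019-9514 shows up in the server's own outbound RST_STREAM count, which this inbound-only sketch does not model. The sample traffic at the bottom is constructed, not captured.

```python
"""Tiny HTTP/2 frame codec plus a per-connection flood detector (added example)."""
import struct

# RFC 7540 section 6 frame type codes
DATA, HEADERS, PRIORITY, RST_STREAM, SETTINGS = 0x0, 0x1, 0x2, 0x3, 0x4
PING, WINDOW_UPDATE = 0x6, 0x8
FLAG_ACK = 0x1                      # on SETTINGS and PING
FLAG_END_HEADERS = 0x4
FLAG_PADDED, FLAG_PRIORITY = 0x8, 0x20   # on HEADERS; both shift the block offset


def build_frame(ftype, flags, stream_id, payload=b""):
    """Encode one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    if len(payload) >= 1 << 24:
        raise ValueError("payload exceeds the 2^24-1 frame size limit")
    header = (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
              + struct.pack(">I", stream_id & 0x7FFFFFFF))
    return header + payload


def parse_frames(data):
    """Split a byte stream into (type, flags, stream_id, payload) tuples."""
    frames, off = [], 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack(">I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break  # truncated trailing frame; wait for more bytes
        frames.append((ftype, flags, stream_id, payload))
        off += 9 + length
    return frames


def is_empty_header_block(payload):
    """True when the HPACK block is only zero-length name/value literals
    (the CVE-2019-9516 pattern). Simplified: non-Huffman literal forms only."""
    if not payload or len(payload) % 3:
        return False
    for i in range(0, len(payload), 3):
        prefix, name_len, value_len = payload[i], payload[i + 1], payload[i + 2]
        # 0x40 literal with incremental indexing, 0x00 without indexing,
        # 0x10 never indexed; each followed by a new (empty) name and value
        if prefix not in (0x40, 0x00, 0x10) or name_len or value_len:
            return False
    return True


def classify(frame):
    """Map a frame to the abuse class it belongs to, or None if productive."""
    ftype, flags, _, payload = frame
    if ftype == SETTINGS and not flags & FLAG_ACK:
        return "settings_flood"          # CVE-2019-9515
    if ftype == PING and not flags & FLAG_ACK:
        return "ping_flood"
    if ftype == PRIORITY:
        return "priority_churn"          # CVE-2019-9513
    if (ftype == WINDOW_UPDATE and len(payload) == 4
            and (struct.unpack(">I", payload)[0] & 0x7FFFFFFF) <= 1):
        return "window_starvation"       # CVE-2019-9511
    if (ftype == HEADERS and not flags & (FLAG_PADDED | FLAG_PRIORITY)
            and is_empty_header_block(payload)):
        return "empty_headers"           # CVE-2019-9516
    return None


def flood_verdict(data, budget=50):
    """Count abusive frames on one connection and decide whether to GOAWAY.
    `budget` is a hypothetical policy: abusive frames beyond
    budget + 2 * productive frames close the connection."""
    counts, productive = {}, 0
    for frame in parse_frames(data):
        cls = classify(frame)
        if cls is None:
            productive += 1
        else:
            counts[cls] = counts.get(cls, 0) + 1
    abusive = sum(counts.values())
    return {"abusive": abusive, "productive": productive,
            "classes": counts, "close": abusive > budget + 2 * productive}


# Constructed traffic, not captured from a real client.
ATTACK = b"".join(build_frame(SETTINGS, 0, 0) for _ in range(200))      # settings flood
BENIGN = (build_frame(SETTINGS, 0, 0)
          + build_frame(HEADERS, FLAG_END_HEADERS, 1, b"\x82\x86\x84")  # :method GET :scheme http :path /
          + build_frame(SETTINGS, FLAG_ACK, 0))

if __name__ == "__main__":
    print(flood_verdict(ATTACK))
    print(flood_verdict(BENIGN))
```

The budget relation (abusive frames allowed to grow with productive ones) matters more than the constant: a fixed cap alone would cut off long-lived legitimate connections, while a pure ratio lets an attacker pad with cheap real requests. Real servers also apply the cap to the RST_STREAM frames they themselves emit, which is how the reset flood of this entry is caught.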
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-9514 vulnerability.
References
- https://kb.cert.org/vuls/id/605641/
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
- https://seclists.org/bugtraq/2019/Aug/24
- http://seclists.org/fulldisclosure/2019/Aug/16
- https://www.synology.com/security/advisory/Synology_SA_19_33
- https://seclists.org/bugtraq/2019/Aug/31
- https://www.debian.org/security/2019/dsa-4503
- https://support.f5.com/csp/article/K01988340
- http://www.openwall.com/lists/oss-security/2019/08/20/1
- https://security.netapp.com/advisory/ntap-20190823-0004/
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://security.netapp.com/advisory/ntap-20190823-0001/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
- https://seclists.org/bugtraq/2019/Aug/43
- https://www.debian.org/security/2019/dsa-4508
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
- https://access.redhat.com/errata/RHSA-2019:2682
- https://www.debian.org/security/2019/dsa-4520
- https://access.redhat.com/errata/RHSA-2019:2726
- https://seclists.org/bugtraq/2019/Sep/18
- https://access.redhat.com/errata/RHSA-2019:2594
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- https://access.redhat.com/errata/RHSA-2019:2661
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://access.redhat.com/errata/RHSA-2019:2690
- https://access.redhat.com/errata/RHSA-2019:2766
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
- https://access.redhat.com/errata/RHSA-2019:2796
- https://access.redhat.com/errata/RHSA-2019:2861
- https://access.redhat.com/errata/RHSA-2019:2925
- https://access.redhat.com/errata/RHSA-2019:2939
- https://access.redhat.com/errata/RHSA-2019:2955
- https://access.redhat.com/errata/RHSA-2019:2966
- https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:3131
- https://access.redhat.com/errata/RHSA-2019:2769
- https://access.redhat.com/errata/RHSA-2019:3245
- https://access.redhat.com/errata/RHSA-2019:3265
- https://access.redhat.com/errata/RHSA-2019:3892
- https://access.redhat.com/errata/RHSA-2019:3906
- https://access.redhat.com/errata/RHSA-2019:4018
- https://access.redhat.com/errata/RHSA-2019:4020
- https://access.redhat.com/errata/RHSA-2019:4019
- https://access.redhat.com/errata/RHSA-2019:4021
- https://access.redhat.com/errata/RHSA-2019:4040
- https://access.redhat.com/errata/RHSA-2019:4042
- https://access.redhat.com/errata/RHSA-2019:4041
- https://access.redhat.com/errata/RHSA-2019:4045
- https://access.redhat.com/errata/RHSA-2019:4269
- https://access.redhat.com/errata/RHSA-2019:4273
- https://access.redhat.com/errata/RHSA-2019:4352
- https://access.redhat.com/errata/RHSA-2020:0406
- https://access.redhat.com/errata/RHSA-2020:0727
- https://usn.ubuntu.com/4308-1/
- https://www.debian.org/security/2020/dsa-4669
- https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
CVE-2019-9517: Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially…
Published: 2019-08-13T21:15:00 Last Modified: 2021-06-06T11:15:00
Summary
Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-9517 vulnerability.
References
- https://kb.cert.org/vuls/id/605641/
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3Cannounce.httpd.apache.org%3E
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
- http://www.openwall.com/lists/oss-security/2019/08/15/7
- https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3Cdev.httpd.apache.org%3E
- https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3Cdev.httpd.apache.org%3E
- https://www.synology.com/security/advisory/Synology_SA_19_33
- https://support.f5.com/csp/article/K02591030
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://security.netapp.com/advisory/ntap-20190823-0003/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
- https://www.debian.org/security/2019/dsa-4509
- https://seclists.org/bugtraq/2019/Aug/47
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
- https://usn.ubuntu.com/4113-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
- https://security.netapp.com/advisory/ntap-20190905-0003/
- https://security.gentoo.org/glsa/201909-04
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://access.redhat.com/errata/RHSA-2019:2893
- https://access.redhat.com/errata/RHSA-2019:2925
- https://access.redhat.com/errata/RHSA-2019:2939
- https://access.redhat.com/errata/RHSA-2019:2946
- https://access.redhat.com/errata/RHSA-2019:2950
- https://access.redhat.com/errata/RHSA-2019:2949
- https://access.redhat.com/errata/RHSA-2019:2955
- https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3935
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3932
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E
CVE-2019-9518: Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a…
Published: 2019-08-13T21:15:00 Last Modified: 2021-05-27T16:21:00
Summary
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-9518 vulnerability.
References
- https://kb.cert.org/vuls/id/605641/
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://seclists.org/bugtraq/2019/Aug/24
- http://seclists.org/fulldisclosure/2019/Aug/16
- https://www.synology.com/security/advisory/Synology_SA_19_33
- https://support.f5.com/csp/article/K46011592
- https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3Cusers.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3Cannounce.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3Cdev.trafficserver.apache.org%3E
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
- https://www.debian.org/security/2019/dsa-4520
- https://seclists.org/bugtraq/2019/Sep/18
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://access.redhat.com/errata/RHSA-2019:2925
- https://access.redhat.com/errata/RHSA-2019:2939
- https://access.redhat.com/errata/RHSA-2019:2955
- https://support.f5.com/csp/article/K46011592?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:3892
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
- https://access.redhat.com/errata/RHSA-2019:4352
- https://access.redhat.com/errata/RHSA-2020:0727
- https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc@%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75@%3Ccommits.cassandra.apache.org%3E
CVE-2019-10171: It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17,…
Published: 2019-08-02T14:15:00 Last Modified: 2020-12-04T18:15:00
Summary
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10171 vulnerability.
References
CVE-2019-10166: It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would…
Published: 2019-08-02T13:15:00 Last Modified: 2020-10-15T13:28:00
Summary
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-10166 vulnerability.
References
- https://access.redhat.com/libvirt-privesc-vulnerabilities
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166
- https://security.gentoo.org/glsa/202003-18
CVE-2019-10167: The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before…
Published: 2019-08-02T13:15:00 Last Modified: 2020-10-15T13:28:00
Summary
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an “emulatorbin” argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain’s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-10167 vulnerability.
References
- https://access.redhat.com/libvirt-privesc-vulnerabilities
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167
- https://security.gentoo.org/glsa/202003-18
CVE-2019-10168: The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x…
Published: 2019-08-02T13:15:00 Last Modified: 2020-10-15T13:28:00
Summary
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an “emulator” argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain’s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-10168 vulnerability.
References
- https://access.redhat.com/libvirt-privesc-vulnerabilities
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168
- https://security.gentoo.org/glsa/202003-18
CVE-2019-3890: It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An…
Published: 2019-08-01T14:15:00 Last Modified: 2019-10-09T23:49:00
Summary
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3890 vulnerability.
References
- https://gitlab.gnome.org/GNOME/evolution-ews/issues/27
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890
- https://access.redhat.com/errata/RHSA-2019:3699
CVE-2019-10182: It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from …
Published: 2019-07-31T22:15:00 Last Modified: 2019-08-15T15:15:00
Summary
It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10182 vulnerability.
References
- https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327
- https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html
- https://seclists.org/bugtraq/2019/Oct/5
- http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html
CVE-2019-10161: It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients…
Published: 2019-07-30T23:15:00 Last Modified: 2021-03-25T14:09:00
Summary
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-10161 vulnerability.
References
- https://access.redhat.com/libvirt-privesc-vulnerabilities
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161
- https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580
- https://usn.ubuntu.com/4047-2/
- https://security.gentoo.org/glsa/202003-18
CVE-2019-10153: A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters…
Published: 2019-07-30T23:15:00 Last Modified: 2019-10-09T23:44:00
Summary
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM’s comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.
Common Weakness Enumeration (CWE): CWE-172: Encoding Error
CWE Description: The software does not properly encode or decode the data, resulting in unexpected values.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10153 vulnerability.
References
- https://github.com/ClusterLabs/fence-agents/pull/255
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153
- https://github.com/ClusterLabs/fence-agents/pull/272
- https://access.redhat.com/errata/RHSA-2019:2037
CVE-2018-16871: A flaw was found in the Linux kernel’s NFS implementation, all versions 3.x and all versions 4.x…
Published: 2019-07-30T17:15:00 Last Modified: 2021-10-04T19:15:00
Summary
A flaw was found in the Linux kernel’s NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16871 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871
- https://access.redhat.com/errata/RHSA-2019:2696
- https://access.redhat.com/errata/RHSA-2019:2730
- https://support.f5.com/csp/article/K18657134
- https://support.f5.com/csp/article/K18657134?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2020:0740
- https://security.netapp.com/advisory/ntap-20211004-0002/
CVE-2019-11775: All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to…
Published: 2019-07-30T14:15:00 Last Modified: 2020-10-08T14:46:00
Summary
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning. For example, if a condition that reads a field is moved out of the loop, the value of that field may not be privatized in the modified copy of the loop, allowing the test to see one value of the field and the loop subsequently to see a modified field value without retesting the condition that was moved out of the loop. This can lead to a variety of different issues, but a read out of array bounds is one major consequence of these problems.
Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-11775 vulnerability.
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=549601
- https://access.redhat.com/errata/RHSA-2019:2494
- https://access.redhat.com/errata/RHSA-2019:2495
- https://access.redhat.com/errata/RHSA-2019:2585
- https://access.redhat.com/errata/RHSA-2019:2590
- https://access.redhat.com/errata/RHSA-2019:2592
- https://access.redhat.com/errata/RHSA-2019:2737
CVE-2019-13272: In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the…
Published: 2019-07-17T13:15:00 Last Modified: 2021-11-28T23:34:00
Summary
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit’s pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 4)
Code designed for conducting penetration testing on the CVE-2019-13272 vulnerability.
- Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2) by Ujas Dhami at 2021-11-23
- Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit) by Metasploit at 2019-10-24
- Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation by bcoles at 2019-07-24
- Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME by Google Security Research at 2019-07-17
References
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
- http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
- https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
- https://bugzilla.suse.com/show_bug.cgi?id=1140671
- https://bugzilla.redhat.com/show_bug.cgi?id=1730895
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/
- https://www.debian.org/security/2019/dsa-4484
- https://seclists.org/bugtraq/2019/Jul/30
- https://seclists.org/bugtraq/2019/Jul/33
- https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html
- https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://security.netapp.com/advisory/ntap-20190806-0001/
- https://access.redhat.com/errata/RHSA-2019:2405
- https://access.redhat.com/errata/RHSA-2019:2411
- https://usn.ubuntu.com/4095-1/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4093-1/
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- https://support.f5.com/csp/article/K91025336
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://access.redhat.com/errata/RHSA-2019:2809
- https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS
- http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html
- http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html
- http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html
CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-…
Published: 2019-07-16T17:15:00 Last Modified: 2021-11-30T18:51:00
Summary
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-13616 vulnerability.
References
- https://bugzilla.libsdl.org/show_bug.cgi?id=4538
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/
- https://usn.ubuntu.com/4156-1/
- https://usn.ubuntu.com/4156-2/
- https://access.redhat.com/errata/RHSA-2019:3951
- https://access.redhat.com/errata/RHSA-2019:3950
- https://usn.ubuntu.com/4238-1/
- https://access.redhat.com/errata/RHSA-2020:0293
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
- https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html
CVE-2019-10192: A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions…
Published: 2019-07-11T19:15:00 Last Modified: 2021-10-28T12:14:00
Summary
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure in versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis's interpretation of the dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10192 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192
- https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
- https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
- https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
- https://www.debian.org/security/2019/dsa-4480
- https://seclists.org/bugtraq/2019/Jul/19
- https://usn.ubuntu.com/4061-1/
- http://www.securityfocus.com/bid/109290
- https://access.redhat.com/errata/RHSA-2019:1819
- https://access.redhat.com/errata/RHSA-2019:1860
- https://access.redhat.com/errata/RHSA-2019:2002
- https://security.gentoo.org/glsa/201908-04
- https://access.redhat.com/errata/RHSA-2019:2508
- https://access.redhat.com/errata/RHSA-2019:2506
- https://access.redhat.com/errata/RHSA-2019:2621
- https://access.redhat.com/errata/RHSA-2019:2630
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2019-10193: A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions…
Published: 2019-07-11T19:15:00 Last Modified: 2021-10-28T12:14:00
Summary
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure in versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10193 vulnerability.
References
- https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
- https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193
- https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
- https://www.debian.org/security/2019/dsa-4480
- https://seclists.org/bugtraq/2019/Jul/19
- https://usn.ubuntu.com/4061-1/
- http://www.securityfocus.com/bid/109290
- https://access.redhat.com/errata/RHSA-2019:1819
- https://access.redhat.com/errata/RHSA-2019:2002
- https://security.gentoo.org/glsa/201908-04
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2019-10183: Virt-install(1) utility used to provision new virtual machines has introduced an option '--…
Published: 2019-07-03T14:15:00 Last Modified: 2019-10-09T23:44:00
Summary
The virt-install(1) utility used to provision new virtual machines introduced an option '--unattended' to create VMs without user interaction. This option accepts the guest VM password as a command-line argument, thus leaking it to other users on the system via the process listing. It was introduced recently in the virt-manager v2.2.0 release.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-10183 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10183
- http://www.securityfocus.com/bid/109027
- https://access.redhat.com/errata/RHSA-2019:3464
CVE-2019-10164: PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-…
Published: 2019-06-26T16:15:00 Last Modified: 2020-10-02T14:34:00
Summary
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user’s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.0
- CVSS: 9.0
- CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10164 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
- https://www.postgresql.org/about/news/1949/
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/
- https://security.gentoo.org/glsa/202003-03
CVE-2019-12384: FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts…
Published: 2019-06-24T16:15:00 Last Modified: 2020-10-20T22:15:00
Summary
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data
CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-12384 vulnerability.
References
- https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html
- https://doyensec.com/research.html
- https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad
- https://security.netapp.com/advisory/ntap-20190703-0002/
- https://access.redhat.com/errata/RHSA-2019:1820
- https://blog.doyensec.com/2019/07/22/jackson-gadgets.html
- https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E
- https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E
- https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E
- https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E
- https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E
- https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E
- https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E
- https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E
- https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E
- https://access.redhat.com/errata/RHSA-2019:2720
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/
- https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
- https://access.redhat.com/errata/RHSA-2019:2858
- https://access.redhat.com/errata/RHSA-2019:2937
- https://access.redhat.com/errata/RHSA-2019:2936
- https://access.redhat.com/errata/RHSA-2019:2935
- https://access.redhat.com/errata/RHSA-2019:2938
- https://www.debian.org/security/2019/dsa-4542
- https://seclists.org/bugtraq/2019/Oct/6
- https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E
- https://access.redhat.com/errata/RHSA-2019:2998
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
- https://access.redhat.com/errata/RHSA-2019:3149
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
- https://access.redhat.com/errata/RHSA-2019:3292
- https://access.redhat.com/errata/RHSA-2019:3297
- https://access.redhat.com/errata/RHSA-2019:3200
- https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
- https://access.redhat.com/errata/RHSA-2019:3901
- https://access.redhat.com/errata/RHSA-2019:4352
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
CVE-2019-11038: When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as…
Published: 2019-06-19T00:15:00 Last Modified: 2020-10-16T12:58:00
Summary
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of an uninitialized variable. This may lead to disclosing contents of the stack that have been left there by previous code.
Common Weakness Enumeration (CWE): CWE-908: Use of Uninitialized Resource
CWE Description: The software uses or accesses a resource that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-11038 vulnerability.
References
- https://bugs.php.net/bug.php?id=77973
- https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1724149
- https://bugzilla.suse.com/show_bug.cgi?id=1140120
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821
- https://github.com/libgd/libgd/issues/501
- https://bugzilla.redhat.com/show_bug.cgi?id=1724432
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/
- https://bugzilla.suse.com/show_bug.cgi?id=1140118
- https://access.redhat.com/errata/RHSA-2019:2519
- https://seclists.org/bugtraq/2019/Sep/38
- https://www.debian.org/security/2019/dsa-4529
- https://access.redhat.com/errata/RHSA-2019:3299
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
- https://usn.ubuntu.com/4316-2/
- https://usn.ubuntu.com/4316-1/
CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in…
Published: 2019-06-19T00:15:00 Last Modified: 2021-07-15T19:16:00
Summary
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-11478 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://support.f5.com/csp/article/K26618426
- http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- https://www.kb.cert.org/vuls/id/905115
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://security.netapp.com/advisory/ntap-20190625-0001/
- https://access.redhat.com/errata/RHSA-2019:1594
- https://access.redhat.com/errata/RHSA-2019:1602
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.vmware.com/security/advisories/VMSA-2019-0010.html
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- https://access.redhat.com/errata/RHSA-2019:1699
- https://seclists.org/bugtraq/2019/Jul/30
- http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://www.openwall.com/lists/oss-security/2019/10/24/1
- http://www.openwall.com/lists/oss-security/2019/10/29/3
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- https://www.oracle.com/security-alerts/cpuoct2020.html
CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer…
Published: 2019-06-19T00:15:00 Last Modified: 2021-07-15T19:16:00
Summary
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-11477 vulnerability.
References
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
- https://support.f5.com/csp/article/K78234183
- http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- https://www.kb.cert.org/vuls/id/905115
- http://www.openwall.com/lists/oss-security/2019/06/20/3
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://security.netapp.com/advisory/ntap-20190625-0001/
- https://access.redhat.com/errata/RHSA-2019:1594
- https://access.redhat.com/errata/RHSA-2019:1602
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.vmware.com/security/advisories/VMSA-2019-0010.html
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- https://access.redhat.com/errata/RHSA-2019:1699
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://www.openwall.com/lists/oss-security/2019/10/24/1
- http://www.openwall.com/lists/oss-security/2019/10/29/3
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- https://www.oracle.com/security-alerts/cpuoct2020.html
CVE-2019-11479: Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This…
Published: 2019-06-19T00:15:00 Last Modified: 2020-10-20T22:15:00
Summary
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-11479 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://support.f5.com/csp/article/K35421172
- http://www.securityfocus.com/bid/108818
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- https://www.kb.cert.org/vuls/id/905115
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://security.netapp.com/advisory/ntap-20190625-0001/
- https://access.redhat.com/errata/RHSA-2019:1594
- https://access.redhat.com/errata/RHSA-2019:1602
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- https://usn.ubuntu.com/4041-2/
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- https://access.redhat.com/errata/RHSA-2019:1699
- https://usn.ubuntu.com/4041-1/
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.us-cert.gov/ics/advisories/icsma-20-170-06
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- https://www.oracle.com/security-alerts/cpuoct2020.html
CVE-2019-3896: A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An…
Published: 2019-06-19T00:15:00 Last Modified: 2019-07-01T20:15:00
Summary
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
Common Weakness Enumeration (CWE): CWE-415: Double Free
CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-3896 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3896
- http://www.securityfocus.com/bid/108814
- https://support.f5.com/csp/article/K04327111
- https://security.netapp.com/advisory/ntap-20190710-0002/
CVE-2012-6711: A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by…
Published: 2019-06-18T18:15:00 Last Modified: 2019-06-20T09:15:00
Summary
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker who can provide data to print through the "echo -e" built-in function may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2012-6711 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1721071
- http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5
- http://www.securityfocus.com/bid/108824
- https://support.f5.com/csp/article/K05122252
- https://support.f5.com/csp/article/K05122252?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/4180-1/
CVE-2019-8324: An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line…
Published: 2019-06-17T19:15:00 Last Modified: 2020-08-24T17:37:00
Summary
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code into the stub line of the gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-8324 vulnerability.
References
- https://hackerone.com/reports/328571
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- https://access.redhat.com/errata/RHSA-2019:1972
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies…
Published: 2019-06-14T14:29:00 Last Modified: 2021-10-28T12:20:00
Summary
A flaw was found in the Linux kernel. A heap-based buffer overflow in the mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10126 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126
- https://www.debian.org/security/2019/dsa-4465
- https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
- https://seclists.org/bugtraq/2019/Jun/26
- http://www.securityfocus.com/bid/108817
- https://support.f5.com/csp/article/K95593121
- https://security.netapp.com/advisory/ntap-20190710-0002/
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
- https://seclists.org/bugtraq/2019/Jul/33
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://usn.ubuntu.com/4095-2/
- https://usn.ubuntu.com/4095-1/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4093-1/
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://access.redhat.com/errata/RHSA-2019:3055
- https://access.redhat.com/errata/RHSA-2019:3076
- https://access.redhat.com/errata/RHSA-2019:3089
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2020:0174
- https://access.redhat.com/errata/RHSA-2020:0204
CVE-2019-10155: The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange…
Published: 2019-06-12T14:29:00 Last Modified: 2020-09-30T14:20:00
Summary
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets, which are encrypted and integrity protected using the established IKE SA encryption and integrity keys; as a receiver, however, Libreswan did not verify the integrity check value. This issue affects versions before 3.29.
Common Weakness Enumeration (CWE): CWE-354: Improper Validation of Integrity Check Value
CWE Description: The software does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.8
- CVSS: 3.5
- CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10155 vulnerability.
References
- https://libreswan.org/security/CVE-2019-10155/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/
- https://access.redhat.com/errata/RHSA-2019:3391
CVE-2019-10160: A security regression of CVE-2019-9636 was discovered in python since commit…
Published: 2019-06-07T18:29:00 Last Modified: 2021-01-06T16:11:00
Summary
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs that make the application locate host-related information (e.g. cookies, authentication data) and send it to a different host than the one it should go to, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
Common Weakness Enumeration (CWE): CWE-255: Credentials Management Errors
CWE Description: Weaknesses in this category are related to the management of credentials.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10160 vulnerability.
References
- https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html
- https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160
- https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468
- https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de
- https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09
- https://security.netapp.com/advisory/ntap-20190617-0003/
- https://access.redhat.com/errata/RHSA-2019:1587
- https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
- https://access.redhat.com/errata/RHSA-2019:1700
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/
- https://access.redhat.com/errata/RHSA-2019:2437
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html
- https://usn.ubuntu.com/4127-2/
- https://usn.ubuntu.com/4127-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in…
Published: 2019-06-03T22:29:00 Last Modified: 2020-02-25T19:04:00
Summary
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-12614 vulnerability.
References
- https://lkml.org/lkml/2019/6/3/526
- https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efa9ace68e487ddd29c2b4d6dd23242158f1f607
- http://www.securityfocus.com/bid/108550
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDURACJVGIBIYBSGDZJTRDPX46H5WPZW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/
- https://security.netapp.com/advisory/ntap-20190710-0002/
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4095-2/
- https://usn.ubuntu.com/4095-1/
- https://usn.ubuntu.com/4093-1/
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- https://support.f5.com/csp/article/K54337315
- https://support.f5.com/csp/article/K54337315?utm_source=f5support&utm_medium=RSS
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://seclists.org/bugtraq/2020/Jan/10
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in…
Published: 2019-06-03T19:29:00 Last Modified: 2020-10-15T14:37:00
Summary
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 6.5
- CVSS: 8.3
- CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2019-3846 vulnerability.
References
- https://seclists.org/oss-sec/2019/q2/133
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
- https://www.debian.org/security/2019/dsa-4465
- https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html
- https://seclists.org/bugtraq/2019/Jun/26
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
- https://security.netapp.com/advisory/ntap-20190710-0002/
- https://seclists.org/bugtraq/2019/Jul/33
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://usn.ubuntu.com/4095-2/
- https://usn.ubuntu.com/4095-1/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4093-1/
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://access.redhat.com/errata/RHSA-2019:2703
- https://access.redhat.com/errata/RHSA-2019:2741
- https://access.redhat.com/errata/RHSA-2019:3055
- https://access.redhat.com/errata/RHSA-2019:3076
- https://access.redhat.com/errata/RHSA-2019:3089
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://access.redhat.com/errata/RHSA-2020:0174
CVE-2019-10143: ** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly…
Published: 2019-05-24T17:29:00 Last Modified: 2020-09-30T14:22:00
Summary
** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated “there is simply no way for anyone to gain privileges through this alleged issue.”
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-10143 vulnerability.
References
- https://github.com/FreeRADIUS/freeradius-server/pull/2666
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/
- https://freeradius.org/security/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/
- https://access.redhat.com/errata/RHSA-2019:3353
- http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2019/Nov/14
CVE-2019-7837: Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and…
Published: 2019-05-22T19:29:00 Last Modified: 2019-05-23T13:48:00
Summary
Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-7837 vulnerability.
References
- https://www.zerodayinitiative.com/advisories/ZDI-19-498/
- https://helpx.adobe.com/security/products/flash-player/apsb19-26.html
- https://access.redhat.com/errata/RHSA-2019:1234
- http://www.securityfocus.com/bid/108312
CVE-2019-3839: It was found that in ghostscript some privileged operators remained accessible from various…
Published: 2019-05-16T19:29:00 Last Modified: 2020-10-15T14:31:00
Summary
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, access the file system outside of the constraints imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3839 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
- https://lists.debian.org/debian-lts-announce/2019/05/msg00023.html
- https://www.debian.org/security/2019/dsa-4442
- https://usn.ubuntu.com/3970-1/
- https://seclists.org/bugtraq/2019/May/23
- https://access.redhat.com/errata/RHSA-2019:1017
- https://access.redhat.com/errata/RHSA-2019:0971
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
CVE-2019-11811: An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon…
Published: 2019-05-07T14:29:00 Last Modified: 2020-05-06T15:14:00
Summary
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-11811 vulnerability.
References
- https://github.com/torvalds/linux/commit/401e7e88d4ef80188ffa07095ac00456f901b8c4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=401e7e88d4ef80188ffa07095ac00456f901b8c4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.4
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
- https://support.f5.com/csp/article/K01512680
- https://security.netapp.com/advisory/ntap-20190719-0003/
- http://www.securityfocus.com/bid/108410
- https://access.redhat.com/errata/RHSA-2019:1873
- https://access.redhat.com/errata/RHSA-2019:1891
- https://access.redhat.com/errata/RHSA-2019:1959
- https://access.redhat.com/errata/RHSA-2019:1971
- https://access.redhat.com/errata/RHSA-2019:4058
- https://access.redhat.com/errata/RHSA-2019:4057
- https://access.redhat.com/errata/RHSA-2020:0036
CVE-2019-10131: An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the…
Published: 2019-04-30T19:29:00 Last Modified: 2021-10-28T12:20:00
Summary
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
Common Weakness Enumeration (CWE): CWE-193: Off-by-one Error
CWE Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-10131 vulnerability.
References
- https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10131
- http://www.securityfocus.com/bid/108117
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html
- https://usn.ubuntu.com/4034-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
CVE-2019-3900: An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and…
Published: 2019-04-25T15:29:00 Last Modified: 2021-12-15T15:41:00
Summary
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, possibly a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.0
- CVSS: 6.8
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3900 vulnerability.
References
- https://www.spinics.net/lists/kernel/msg3111012.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900
- http://www.securityfocus.com/bid/108076
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/
- https://security.netapp.com/advisory/ntap-20190517-0005/
- https://access.redhat.com/errata/RHSA-2019:1973
- https://access.redhat.com/errata/RHSA-2019:2043
- https://access.redhat.com/errata/RHSA-2019:2029
- https://www.debian.org/security/2019/dsa-4497
- https://seclists.org/bugtraq/2019/Aug/18
- https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
- https://usn.ubuntu.com/4114-1/
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4116-1/
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4118-1/
- https://access.redhat.com/errata/RHSA-2019:3220
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2019:3309
- https://seclists.org/bugtraq/2019/Nov/11
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://access.redhat.com/errata/RHSA-2019:3836
- https://access.redhat.com/errata/RHSA-2019:3967
- https://access.redhat.com/errata/RHSA-2019:4058
- https://access.redhat.com/errata/RHSA-2020:0204
- https://www.oracle.com/security-alerts/cpuApr2021.html
CVE-2019-3902: A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to…
Published: 2019-04-22T16:29:00 Last Modified: 2020-07-31T13:15:00
Summary
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial’s path-checking logic and write files outside a repository.
Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)
CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3902 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
- https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
- https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
- https://usn.ubuntu.com/4086-1/
- https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
CVE-2019-11235: FreeRADIUS before 3.0.19 mishandles the “each participant verifies that the received scalar is…
Published: 2019-04-22T11:29:00 Last Modified: 2019-05-13T18:29:00
Summary
FreeRADIUS before 3.0.19 mishandles the “each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used” protection mechanism, aka a “Dragonblood” issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
Common Weakness Enumeration (CWE): CWE-345: Insufficient Verification of Data Authenticity
CWE Description: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-11235 vulnerability.
References
- https://www.kb.cert.org/vuls/id/871675/
- https://papers.mathyvanhoef.com/dragonblood.pdf
- https://freeradius.org/security/
- https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
- https://bugzilla.redhat.com/show_bug.cgi?id=1695748
- https://usn.ubuntu.com/3954-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html
- https://access.redhat.com/errata/RHSA-2019:1131
- https://access.redhat.com/errata/RHSA-2019:1142
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html
CVE-2019-11234: FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a…
Published: 2019-04-22T11:29:00 Last Modified: 2019-05-13T18:29:00
Summary
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a “Dragonblood” issue, a similar issue to CVE-2019-9497.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-11234 vulnerability.
References
- https://www.kb.cert.org/vuls/id/871675/
- https://papers.mathyvanhoef.com/dragonblood.pdf
- https://freeradius.org/security/
- https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
- https://bugzilla.redhat.com/show_bug.cgi?id=1695783
- https://usn.ubuntu.com/3954-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html
- https://access.redhat.com/errata/RHSA-2019:1131
- https://access.redhat.com/errata/RHSA-2019:1142
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html
CVE-2019-10245: In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a…
Published: 2019-04-19T14:29:00 Last Modified: 2021-10-28T13:40:00
Summary
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10245 vulnerability.
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588
- http://www.securityfocus.com/bid/108094
- https://access.redhat.com/errata/RHSA-2019:1166
- https://access.redhat.com/errata/RHSA-2019:1165
- https://access.redhat.com/errata/RHSA-2019:1164
- https://access.redhat.com/errata/RHSA-2019:1163
- https://access.redhat.com/errata/RHSA-2019:1238
- https://access.redhat.com/errata/RHSA-2019:1325
CVE-2019-3883: In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will…
Published: 2019-04-17T14:29:00 Last Modified: 2020-11-13T16:15:00
Summary
In 389-ds-base up to version 1.4.1.2, requests are handled by worker threads. Each socket is waited on by its worker for at most ‘ioblocktimeout’ seconds. However, this timeout applies only to unencrypted requests. Connections using SSL/TLS do not take this timeout into account during reads, and may hang longer. An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.
Common Weakness Enumeration (CWE): CWE-772: Missing Release of Resource after Effective Lifetime
CWE Description: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3883 vulnerability.
References
- https://pagure.io/389-ds-base/pull-request/50331
- https://pagure.io/389-ds-base/issue/50329
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3883
- https://lists.debian.org/debian-lts-announce/2019/05/msg00008.html
- https://access.redhat.com/errata/RHSA-2019:1896
- https://access.redhat.com/errata/RHSA-2019:3401
CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel…
Published: 2019-04-11T16:29:00 Last Modified: 2021-07-21T11:39:00
Summary
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.5
- CVSS: 3.3
- CVSS Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2019-3459 vulnerability.
References
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html
- https://marc.info/?l=oss-security&m=154721580222522&w=2
- https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/
- https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
- https://bugzilla.redhat.com/show_bug.cgi?id=1663176
- https://bugzilla.novell.com/show_bug.cgi?id=1120758
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- http://www.openwall.com/lists/oss-security/2019/06/27/2
- http://www.openwall.com/lists/oss-security/2019/06/27/7
- http://www.openwall.com/lists/oss-security/2019/06/28/1
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- https://access.redhat.com/errata/RHSA-2019:2043
- https://access.redhat.com/errata/RHSA-2019:2029
- http://www.openwall.com/lists/oss-security/2019/08/12/1
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2020:0740
CVE-2019-3837: It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is…
Published: 2019-04-11T15:29:00 Last Modified: 2020-12-04T18:15:00
Summary
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. An unprivileged multi-threaded userspace application that calls recvmsg() in parallel on the same network socket, running on ioatdma-enabled hardware with net_dma enabled, can therefore leak memory, crash the host (a denial of service) or cause random memory corruption.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-3837 vulnerability.
References
CVE-2019-3842: In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the…
Published: 2019-04-09T21:29:00 Last Modified: 2022-01-31T18:51:00
Summary
In systemd before v242-rc4, pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. In some particular configurations an attacker can set an XDG_SEAT environment variable so that commands are checked against polkit policies using the “allow_active” element rather than “allow_any”.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
One public exploit for CVE-2019-3842 is listed (see the Exploit-DB and Packet Storm references below).
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/
- https://www.exploit-db.com/exploits/46743/
- http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
CVE-2017-3139: A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker…
Published: 2019-04-09T18:29:00 Last Modified: 2021-05-14T20:35:00
Summary
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion
CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-3139 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1447743
- https://access.redhat.com/security/cve/cve-2017-3139
CVE-2019-3880: A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry…
Published: 2019-04-09T16:29:00 Last Modified: 2019-05-27T08:29:00
Summary
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.
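The flaw above is a path-confinement failure: a name supplied over the RPC endpoint ends up as a file path that can point outside the directory a registry hive is meant to live in. As an added example for this page (not Samba's code and not its actual fix), the following C function lexically confines a caller-supplied name under a base directory by resolving "." and ".." components and refusing any name that would climb above the base. The base directory /var/lib/samba/registry, the depth and length caps, and the sample names are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PATH_CAP 512        /* assumed maximum for the resulting path */
#define MAX_DEPTH 64        /* assumed limit on path depth */

/* Lexically confine a caller-supplied relative name under base_dir.
 * Returns true and writes base_dir/<normalised name> into out when every
 * ".." is matched by an earlier component; returns false for absolute or
 * empty names, names that resolve to base_dir itself, and names that would
 * climb above base_dir. */
bool confine_path(const char *base_dir, const char *name,
                  char *out, size_t out_cap)
{
    const char *parts[MAX_DEPTH];
    size_t lens[MAX_DEPTH];
    size_t depth = 0;

    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return false;                   /* absolute or empty: not under base */

    const char *p = name;
    while (*p) {
        const char *seg = p;
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - seg);
        if (*p == '/') p++;
        if (len == 0 || (len == 1 && seg[0] == '.'))
            continue;                   /* "" and "." change nothing */
        if (len == 2 && seg[0] == '.' && seg[1] == '.') {
            if (depth == 0) return false;   /* would escape base_dir */
            depth--;
            continue;
        }
        if (depth == MAX_DEPTH) return false;
        parts[depth] = seg;
        lens[depth] = len;
        depth++;
    }
    if (depth == 0) return false;       /* resolved to base_dir itself */

    int bl = snprintf(out, out_cap, "%s", base_dir);
    if (bl < 0 || (size_t)bl >= out_cap) return false;
    size_t n = (size_t)bl;
    for (size_t i = 0; i < depth; i++) {
        if (n + 1 + lens[i] >= out_cap) return false;
        out[n++] = '/';
        memcpy(out + n, parts[i], lens[i]);
        n += lens[i];
    }
    out[n] = '\0';
    return true;
}

/* Wrapper for the constructed samples: returns the confined path or NULL. */
const char *demo_confine(const char *name)
{
    static char buf[PATH_CAP];
    return confine_path("/var/lib/samba/registry", name, buf, sizeof buf)
           ? buf : NULL;
}

int main(void)
{
    const char *samples[] = { "hive.reg", "sub/../hive.reg",
                              "../../../../etc/cron.d/job", "/etc/passwd", "." };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *r = demo_confine(samples[i]);
        printf("%-28s -> %s\n", samples[i], r ? r : "REJECTED");
    }
    return 0;
}
```

The check is purely lexical: it says nothing about symlinks already present under the base directory, so real code should pair it with openat()/O_NOFOLLOW style creation or a realpath() check on the parent after the lexical filter passes.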
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3880 vulnerability.
References
- https://www.samba.org/samba/security/CVE-2019-3880.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html
- https://access.redhat.com/security/cve/cve-2019-3880
- https://security.netapp.com/advisory/ntap-20190411-0004/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/
- https://www.synology.com/security/advisory/Synology_SA_19_15
- https://support.f5.com/csp/article/K20804356
- https://access.redhat.com/errata/RHSA-2019:1966
- https://access.redhat.com/errata/RHSA-2019:1967
- https://access.redhat.com/errata/RHSA-2019:2099
- https://access.redhat.com/errata/RHSA-2019:3582
CVE-2019-3887: A flaw was found in the way KVM hypervisor handled x2APIC Model-Specific Register (MSR) access…
Published: 2019-04-09T16:29:00 Last Modified: 2021-11-02T20:18:00
Summary
A flaw was found in the way the KVM hypervisor handled x2APIC Model-Specific Register (MSR) access with nested virtualization enabled (nested=1). An L1 guest could access L0's APIC register values via an L2 guest when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to crash the host kernel, resulting in a denial of service. Kernel versions 4.16 and newer are vulnerable to this issue.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-3887 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3887
- http://www.securityfocus.com/bid/107850
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE/
- https://usn.ubuntu.com/3980-1/
- https://usn.ubuntu.com/3979-1/
- https://usn.ubuntu.com/3980-2/
- https://access.redhat.com/errata/RHSA-2019:2703
- https://access.redhat.com/errata/RHSA-2019:2741
CVE-2019-0217: In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when…
Published: 2019-04-08T21:29:00 Last Modified: 2021-06-06T11:15:00
Summary
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 6.4
- Exploitability Score: 6.8
- CVSS: 6.0
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-0217 vulnerability.
References
- https://www.debian.org/security/2019/dsa-4422
- https://usn.ubuntu.com/3937-1/
- https://seclists.org/bugtraq/2019/Apr/5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/
- https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html
- https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1695020
- http://www.securityfocus.com/bid/107668
- http://www.openwall.com/lists/oss-security/2019/04/02/5
- https://usn.ubuntu.com/3937-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
- https://security.netapp.com/advisory/ntap-20190423-0001/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://access.redhat.com/errata/RHSA-2019:2343
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3436
- https://access.redhat.com/errata/RHSA-2019:3935
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3932
- https://access.redhat.com/errata/RHSA-2019:4126
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
CVE-2019-3877: A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL…
Published: 2019-03-27T13:29:00 Last Modified: 2019-04-16T18:29:00
Summary
A vulnerability was found in mod_auth_mellon before v0.14.2. The logout URL validation treats a redirect target containing backslashes as a relative URL, while browsers silently convert backslash characters into forward slashes and treat the result as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic built on the apr_uri_parse function, giving an open redirect.
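The mismatch described above is between a server-side parser that sees a backslash as an ordinary character and a browser that treats it as a path separator. The block below is an added example for this page, not mod_auth_mellon's code or its fix, and it does not use apr_uri_parse: a naive validator of the kind the summary describes sits beside a hardened one that normalises backslashes the way the browser will before deciding, and then accepts only a single-slash absolute path on the current host. The 2048-byte cap and the sample targets are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define URL_MAX 2048    /* assumed cap on a redirect target */

/* What a browser does with backslashes in http/https URLs before resolving
 * the target: each '\' is treated as '/'. */
size_t browser_normalize(const char *in, char *out, size_t out_cap)
{
    size_t n = 0;
    for (; in[n] && n + 1 < out_cap; n++)
        out[n] = (in[n] == '\\') ? '/' : in[n];
    out[n] = '\0';
    return n;
}

/* Naive validator of the kind the summary describes: anything with no scheme
 * that does not begin with "//" is accepted as a relative URL. It never looks
 * at backslashes, so "/\evil.com" is accepted, yet the browser resolves it as
 * "//evil.com", a protocol-relative absolute URL pointing off-site. */
bool naive_is_relative(const char *url)
{
    if (strstr(url, "://") != NULL) return false;
    if (url[0] == '/' && url[1] == '/') return false;
    return true;
}

/* Hardened validator: normalise first, then allow only a single leading '/'
 * (an absolute path on this host) with no control characters. */
bool is_safe_local_redirect(const char *url)
{
    char norm[URL_MAX];
    if (strlen(url) >= sizeof norm) return false;
    browser_normalize(url, norm, sizeof norm);
    if (norm[0] != '/') return false;       /* must be a path on this host */
    if (norm[1] == '/') return false;       /* "//host" is protocol-relative */
    for (const char *p = norm; *p; p++)
        if ((unsigned char)*p < 0x20 || *p == 0x7f) return false;
    return true;
}

/* Constructed sample: the browser's view of a backslash-smuggled target. */
const char *demo_browser_view(void)
{
    static char buf[URL_MAX];
    browser_normalize("/\\evil.com/phish", buf, sizeof buf);
    return buf;
}
```

The hardened check deliberately rejects scheme-less relative targets such as "next/page" too; a logout handler that needs those should resolve them against the site's own base URL first and validate the result, rather than widening the check.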
Common Weakness Enumeration (CWE): CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
CWE Description: A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3877 vulnerability.
References
- https://github.com/Uninett/mod_auth_mellon/issues/35
- https://github.com/Uninett/mod_auth_mellon/commit/62041428a32de402e0be6ba45fe12df6a83bedb8
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3877
- https://usn.ubuntu.com/3924-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/
- https://access.redhat.com/errata/RHSA-2019:0766
- https://access.redhat.com/errata/RHSA-2019:3421
CVE-2019-3878: A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse…
Published: 2019-03-26T18:29:00 Last Modified: 2019-05-07T09:29:00
Summary
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding the special HTTP headers normally used to start a SAML ECP (Enhanced Client or Proxy, non-browser) flow can be used to bypass authentication.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3878 vulnerability.
References
- https://github.com/Uninett/mod_auth_mellon/pull/196
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878
- https://usn.ubuntu.com/3924-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/
- https://access.redhat.com/errata/RHSA-2019:0746
- https://access.redhat.com/errata/RHSA-2019:0766
- https://access.redhat.com/errata/RHSA-2019:0985
- https://access.redhat.com/errata/RHBA-2019:0959
CVE-2019-3838: It was found that the forceput operator could be extracted from the DefineResource method in…
Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T14:05:00
Summary
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, gain access to the file system outside of the constraints imposed by -dSAFER.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3838 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838
- https://bugs.ghostscript.com/show_bug.cgi?id=700576
- https://access.redhat.com/errata/RHSA-2019:0652
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVERLGEU3OV6RNZ2SIBXREWD3BF5H23N/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANBSCZABXQUEQWIKNWJ35IYX24M227EI/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html
- https://seclists.org/bugtraq/2019/Apr/4
- http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A43SRQAEHQCKSEMIBINHUNIGHTDCZD7F/
- https://www.debian.org/security/2019/dsa-4432
- https://seclists.org/bugtraq/2019/Apr/28
- https://lists.debian.org/debian-lts-announce/2019/04/msg00021.html
- https://access.redhat.com/errata/RHSA-2019:0971
- https://security.gentoo.org/glsa/202004-03
CVE-2019-3874: The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem….
Published: 2019-03-25T19:29:00 Last Modified: 2021-06-14T18:15:00
Summary
The SCTP socket buffer used by a userspace application is not accounted for by the cgroups subsystem. An attacker can use this flaw to cause a denial of service. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.5
- CVSS: 3.3
- CVSS Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2019-3874 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874
- https://security.netapp.com/advisory/ntap-20190411-0003/
- https://usn.ubuntu.com/3981-1/
- https://usn.ubuntu.com/3980-1/
- https://usn.ubuntu.com/3979-1/
- https://usn.ubuntu.com/3982-2/
- https://usn.ubuntu.com/3982-1/
- https://usn.ubuntu.com/3980-2/
- https://usn.ubuntu.com/3981-2/
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2019:3309
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
CVE-2019-3856: An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2…
Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T13:43:00
Summary
An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3856 vulnerability.
References
- https://www.libssh2.org/CVE-2019-3856.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856
- https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
- https://security.netapp.com/advisory/ntap-20190327-0005/
- https://access.redhat.com/errata/RHSA-2019:0679
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/
- https://www.debian.org/security/2019/dsa-4431
- https://seclists.org/bugtraq/2019/Apr/25
- https://access.redhat.com/errata/RHSA-2019:1175
- https://access.redhat.com/errata/RHSA-2019:1652
- https://access.redhat.com/errata/RHSA-2019:1791
- https://access.redhat.com/errata/RHSA-2019:1943
- https://access.redhat.com/errata/RHSA-2019:2399
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
CVE-2019-3857: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2…
Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T13:43:00
Summary
An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3857 vulnerability.
References
- https://www.libssh2.org/CVE-2019-3857.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857
- https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
- https://security.netapp.com/advisory/ntap-20190327-0005/
- https://access.redhat.com/errata/RHSA-2019:0679
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/
- https://www.debian.org/security/2019/dsa-4431
- https://seclists.org/bugtraq/2019/Apr/25
- https://access.redhat.com/errata/RHSA-2019:1175
- https://access.redhat.com/errata/RHSA-2019:1652
- https://access.redhat.com/errata/RHSA-2019:1791
- https://access.redhat.com/errata/RHSA-2019:1943
- https://access.redhat.com/errata/RHSA-2019:2399
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
CVE-2019-3835: It was found that the superexec operator was available in the internal dictionary in ghostscript…
Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T13:50:00
Summary
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, gain access to the file system outside of the constraints imposed by -dSAFER.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3835 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835
- https://bugs.ghostscript.com/show_bug.cgi?id=700585
- https://access.redhat.com/errata/RHSA-2019:0652
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVERLGEU3OV6RNZ2SIBXREWD3BF5H23N/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANBSCZABXQUEQWIKNWJ35IYX24M227EI/
- https://seclists.org/bugtraq/2019/Apr/4
- http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A43SRQAEHQCKSEMIBINHUNIGHTDCZD7F/
- https://www.debian.org/security/2019/dsa-4432
- https://seclists.org/bugtraq/2019/Apr/28
- http://www.securityfocus.com/bid/107855
- https://lists.debian.org/debian-lts-announce/2019/04/msg00021.html
- https://access.redhat.com/errata/RHSA-2019:0971
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
- https://security.gentoo.org/glsa/202004-03
CVE-2018-16838: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by…
Published: 2019-03-25T18:29:00 Last Modified: 2020-10-15T13:28:00
Summary
A flaw was found in the sssd Group Policy Objects implementation. When a GPO is not readable by SSSD because of overly strict permission settings on the server side, SSSD allows all authenticated users to log in instead of denying access.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16838 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html
- https://access.redhat.com/errata/RHSA-2019:2177
- https://access.redhat.com/errata/RHSA-2019:2437
- https://access.redhat.com/errata/RHSA-2019:3651
CVE-2019-3863: A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive…
Published: 2019-03-25T18:29:00 Last Modified: 2019-05-14T21:29:00
Summary
A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard-interactive response messages whose total length is greater than the maximum value of an unsigned char. That value is used as an index for a memory copy, resulting in an out-of-bounds memory write.
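CVE-2019-3856 and CVE-2019-3863 above share one mechanism: the client adds up server-controlled lengths in a type too narrow to hold the sum, then uses the wrapped number to size or index a copy while each individual copy still uses the real length. The following is an added example written for this page, not libssh2's code or its fix; the struct name, the 4096-byte reply cap and the 100-byte sample responses are assumptions. It shows the vulnerable 8-bit accumulator beside a hardened accumulation that rejects the message before any byte is copied.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One decoded keyboard-interactive response string from the server packet. */
struct kbd_response {
    const unsigned char *text;
    size_t len;
};

/* Vulnerable shape (illustrative, not libssh2's actual code): the total of
 * the per-response lengths is kept in an unsigned char. A server that sends
 * several responses whose lengths add up to more than UCHAR_MAX (255) makes
 * the total wrap; the wrapped value then sizes the destination and indexes
 * the copy, while each memcpy still uses the real per-response length. */
unsigned char vulnerable_total_len(const struct kbd_response *r, size_t n)
{
    unsigned char total = 0;            /* the bug: 8-bit accumulator */
    for (size_t i = 0; i < n; i++)
        total += (unsigned char)r[i].len;
    return total;
}

/* Number of bytes the vulnerable copy loop would actually write. */
size_t real_total_len(const struct kbd_response *r, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += r[i].len;
    return total;
}

/* Hardened version: accumulate in size_t, bound every addition before it
 * happens, and refuse the whole message instead of copying when the policy
 * limit or the destination capacity would be exceeded. Returns bytes
 * written, or -1 on rejection. */
#define MAX_KBD_REPLY 4096              /* assumed policy limit, not libssh2's */

long hardened_assemble(const struct kbd_response *r, size_t n,
                       unsigned char *out, size_t out_cap)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (r[i].len > MAX_KBD_REPLY - total)   /* check cannot itself wrap */
            return -1;
        total += r[i].len;
    }
    if (total > out_cap)
        return -1;

    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        memcpy(out + off, r[i].text, r[i].len);
        off += r[i].len;
    }
    return (long)off;
}

/* Constructed sample input: three 100-byte responses (300 bytes in total),
 * which is the "total length greater than unsigned char max" case. */
static unsigned char sample_text[100];
static const struct kbd_response sample_big[3] = {
    { sample_text, 100 }, { sample_text, 100 }, { sample_text, 100 }
};
static const struct kbd_response sample_small[2] = {
    { sample_text, 10 }, { sample_text, 20 }
};

unsigned char demo_wrapped_total(void)
{
    return vulnerable_total_len(sample_big, 3);     /* 300 wraps to 44 */
}

int demo_vulnerable_would_overflow(void)
{
    /* A buffer sized from the wrapped total receives the real byte count. */
    return real_total_len(sample_big, 3) > demo_wrapped_total();
}

long demo_hardened_big(void)
{
    unsigned char out[256];
    return hardened_assemble(sample_big, 3, out, sizeof out);   /* -1 */
}

long demo_hardened_small(void)
{
    unsigned char out[256];
    return hardened_assemble(sample_small, 2, out, sizeof out); /* 30 */
}

int main(void)
{
    printf("wrapped total: %u, real total: %zu, would overflow: %d\n",
           demo_wrapped_total(), real_total_len(sample_big, 3),
           demo_vulnerable_would_overflow());
    printf("hardened big: %ld, hardened small: %ld\n",
           demo_hardened_big(), demo_hardened_small());
    return 0;
}
```

The point of the hardened loop is the order of operations: the limit is compared against the remaining headroom (MAX_KBD_REPLY - total) before the addition, so the check itself can never wrap, and nothing is written until the whole message has been accepted.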
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3863 vulnerability.
References
- https://www.libssh2.org/CVE-2019-3863.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863
- https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
- https://security.netapp.com/advisory/ntap-20190327-0005/
- https://access.redhat.com/errata/RHSA-2019:0679
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/
- https://www.debian.org/security/2019/dsa-4431
- https://seclists.org/bugtraq/2019/Apr/25
- https://access.redhat.com/errata/RHSA-2019:1175
- https://access.redhat.com/errata/RHSA-2019:1652
- https://access.redhat.com/errata/RHSA-2019:1791
- https://access.redhat.com/errata/RHSA-2019:1943
- https://access.redhat.com/errata/RHSA-2019:2399
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
CVE-2019-3855: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2…
Published: 2019-03-21T21:29:00 Last Modified: 2020-10-15T13:42:00
Summary
An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3855 vulnerability.
References
- https://www.libssh2.org/CVE-2019-3855.html
- https://seclists.org/bugtraq/2019/Mar/25
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855
- http://www.securityfocus.com/bid/107485
- http://www.openwall.com/lists/oss-security/2019/03/18/3
- http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767
- https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
- https://security.netapp.com/advisory/ntap-20190327-0005/
- https://access.redhat.com/errata/RHSA-2019:0679
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/
- https://www.debian.org/security/2019/dsa-4431
- https://seclists.org/bugtraq/2019/Apr/25
- https://access.redhat.com/errata/RHSA-2019:1175
- https://access.redhat.com/errata/RHSA-2019:1652
- https://access.redhat.com/errata/RHSA-2019:1791
- https://access.redhat.com/errata/RHSA-2019:1943
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/
- https://access.redhat.com/errata/RHSA-2019:2399
- https://support.apple.com/kb/HT210609
- https://seclists.org/bugtraq/2019/Sep/49
- http://seclists.org/fulldisclosure/2019/Sep/42
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
CVE-2019-7221: The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Published: 2019-03-21T16:01:00 Last Modified: 2020-10-15T13:28:00
Summary
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-7221 vulnerability.
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
- http://www.openwall.com/lists/oss-security/2019/02/18/2
- http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://usn.ubuntu.com/3932-2/
- https://usn.ubuntu.com/3932-1/
- https://usn.ubuntu.com/3931-2/
- https://usn.ubuntu.com/3931-1/
- https://usn.ubuntu.com/3930-2/
- https://usn.ubuntu.com/3930-1/
- https://security.netapp.com/advisory/ntap-20190404-0002/
- https://access.redhat.com/errata/RHSA-2019:0833
- https://access.redhat.com/errata/RHSA-2019:0818
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
- https://access.redhat.com/errata/RHBA-2019:0959
- https://support.f5.com/csp/article/K08413011
- https://access.redhat.com/errata/RHSA-2019:3967
- https://access.redhat.com/errata/RHSA-2019:4058
CVE-2019-6116: In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system…
Published: 2019-03-21T16:01:00 Last Modified: 2020-08-24T17:37:00
Summary
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2019-6116 vulnerability.
References
- https://www.exploit-db.com/exploits/46242/
- https://www.debian.org/security/2019/dsa-4372
- https://usn.ubuntu.com/3866-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/
- https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html
- https://bugs.ghostscript.com/show_bug.cgi?id=700317
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
- https://access.redhat.com/errata/RHSA-2019:0229
- http://www.securityfocus.com/bid/106700
- http://www.openwall.com/lists/oss-security/2019/01/23/5
- http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html
- http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/
- http://www.openwall.com/lists/oss-security/2019/03/21/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/
- https://seclists.org/bugtraq/2019/Apr/4
- http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
- https://access.redhat.com/errata/RHBA-2019:0327
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
- https://security.gentoo.org/glsa/202004-03
CVE-2019-6454: An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-…
Published: 2019-03-21T16:01:00 Last Modified: 2022-01-28T19:12:00
Summary
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-6454 vulnerability.
References
- https://www.debian.org/security/2019/dsa-4393
- https://usn.ubuntu.com/3891-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/
- https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html
- https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
- https://access.redhat.com/errata/RHSA-2019:0368
- http://www.securityfocus.com/bid/107081
- http://www.openwall.com/lists/oss-security/2019/02/19/1
- http://www.openwall.com/lists/oss-security/2019/02/18/3
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html
- https://security.netapp.com/advisory/ntap-20190327-0004/
- https://kc.mcafee.com/corporate/index?page=content&id=SB10278
- https://access.redhat.com/errata/RHSA-2019:0990
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html
- https://access.redhat.com/errata/RHSA-2019:1322
- https://access.redhat.com/errata/RHSA-2019:1502
- https://access.redhat.com/errata/RHSA-2019:2805
- http://www.openwall.com/lists/oss-security/2021/07/20/2
CVE-2018-20615: An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and…
Published: 2019-03-21T16:00:00 Last Modified: 2019-04-25T12:57:00
Summary
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-20615 vulnerability.
References
- https://www.mail-archive.com/haproxy@formilux.org/msg32304.html
- https://usn.ubuntu.com/3858-1/
- https://access.redhat.com/errata/RHSA-2019:0275
- http://www.securityfocus.com/bid/106645
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2019-3816: Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure…
Published: 2019-03-14T22:29:00 Last Modified: 2021-11-02T20:17:00
Summary
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3816 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816
- http://bugzilla.suse.com/show_bug.cgi?id=1122623
- http://www.securityfocus.com/bid/107368
- http://www.securityfocus.com/bid/107409
- https://access.redhat.com/errata/RHSA-2019:0638
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html
- https://access.redhat.com/errata/RHSA-2019:0972
CVE-2019-9741: An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker…
Published: 2019-03-13T08:29:00 Last Modified: 2021-03-22T13:05:00
Summary
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
Common Weakness Enumeration (CWE): CWE-93: Improper Neutralization of CRLF Sequences (‘CRLF Injection’)
CWE Description: The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-9741 vulnerability.
References
- https://github.com/golang/go/issues/30794
- http://www.securityfocus.com/bid/107432
- https://lists.debian.org/debian-lts-announce/2019/04/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TOOVCEPQM7TZA6VEZEEB7QZABXNHQEHH/
- https://access.redhat.com/errata/RHSA-2019:1300
- https://access.redhat.com/errata/RHSA-2019:1519
- https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html
CVE-2019-9636: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode…
Published: 2019-03-08T21:29:00 Last Modified: 2020-10-29T14:15:00
Summary
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-9636 vulnerability.
References
- https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
- https://github.com/python/cpython/pull/12201
- https://bugs.python.org/issue36216
- http://www.securityfocus.com/bid/107400
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/
- https://access.redhat.com/errata/RHSA-2019:0710
- https://access.redhat.com/errata/RHSA-2019:0765
- https://access.redhat.com/errata/RHSA-2019:0806
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html
- https://access.redhat.com/errata/RHSA-2019:0902
- https://access.redhat.com/errata/RHSA-2019:0997
- https://access.redhat.com/errata/RHSA-2019:0981
- https://access.redhat.com/errata/RHBA-2019:0959
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/
- https://security.netapp.com/advisory/ntap-20190517-0001/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/
- https://access.redhat.com/errata/RHSA-2019:1467
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html
- https://access.redhat.com/errata/RHBA-2019:0763
- https://access.redhat.com/errata/RHBA-2019:0764
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html
- https://usn.ubuntu.com/4127-2/
- https://usn.ubuntu.com/4127-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/
- https://access.redhat.com/errata/RHSA-2019:2980
- https://access.redhat.com/errata/RHSA-2019:3170
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- https://security.gentoo.org/glsa/202003-26
- https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
CVE-2019-9213: In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap…
Published: 2019-03-05T22:29:00 Last Modified: 2019-06-17T21:15:00
Summary
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences frequently result from rarely encountered error conditions, since these are the most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 2)
Code designed for conducting penetration testing on the CVE-2019-9213 vulnerability.
- Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit) by Metasploit at 2020-01-23
- Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem by Google Security Research at 2019-03-06
References
- https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1
- https://www.exploit-db.com/exploits/46502/
- http://www.securityfocus.com/bid/107296
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://usn.ubuntu.com/3933-2/
- https://usn.ubuntu.com/3932-2/
- https://usn.ubuntu.com/3932-1/
- https://usn.ubuntu.com/3931-2/
- https://usn.ubuntu.com/3931-1/
- https://usn.ubuntu.com/3930-2/
- https://usn.ubuntu.com/3930-1/
- https://usn.ubuntu.com/3933-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
- https://access.redhat.com/errata/RHSA-2019:0831
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
- https://access.redhat.com/errata/RHSA-2019:1479
- https://access.redhat.com/errata/RHSA-2019:1480
- http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html
CVE-2018-12395: By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain…
Published: 2019-02-28T18:29:00 Last Modified: 2019-10-03T00:03:00
Summary
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12395 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-27/
- https://www.mozilla.org/security/advisories/mfsa2018-26/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1467523
- https://www.debian.org/security/2018/dsa-4324
- https://usn.ubuntu.com/3801-1/
- https://security.gentoo.org/glsa/201811-04
- https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
- https://access.redhat.com/errata/RHSA-2018:3006
- https://access.redhat.com/errata/RHSA-2018:3005
- http://www.securitytracker.com/id/1041944
- http://www.securityfocus.com/bid/105718
CVE-2018-12389: Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2….
Published: 2019-02-28T18:29:00 Last Modified: 2019-03-01T18:51:00
Summary
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12389 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-28/
- https://www.mozilla.org/security/advisories/mfsa2018-27/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198
- https://www.debian.org/security/2018/dsa-4337
- https://www.debian.org/security/2018/dsa-4324
- https://usn.ubuntu.com/3868-1/
- https://security.gentoo.org/glsa/201811-13
- https://security.gentoo.org/glsa/201811-04
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
- https://access.redhat.com/errata/RHSA-2018:3532
- https://access.redhat.com/errata/RHSA-2018:3531
- https://access.redhat.com/errata/RHSA-2018:3006
- https://access.redhat.com/errata/RHSA-2018:3005
- http://www.securitytracker.com/id/1041944
- http://www.securityfocus.com/bid/105769
- http://www.securityfocus.com/bid/105723
CVE-2018-12390: Mozilla developers and community members reported memory safety bugs present in Firefox 62 and…
Published: 2019-02-28T18:29:00 Last Modified: 2019-03-01T19:03:00
Summary
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12390 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-28/
- https://www.mozilla.org/security/advisories/mfsa2018-27/
- https://www.mozilla.org/security/advisories/mfsa2018-26/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844
- https://www.debian.org/security/2018/dsa-4337
- https://www.debian.org/security/2018/dsa-4324
- https://usn.ubuntu.com/3868-1/
- https://usn.ubuntu.com/3801-1/
- https://security.gentoo.org/glsa/201811-13
- https://security.gentoo.org/glsa/201811-04
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
- https://access.redhat.com/errata/RHSA-2018:3532
- https://access.redhat.com/errata/RHSA-2018:3531
- https://access.redhat.com/errata/RHSA-2018:3006
- https://access.redhat.com/errata/RHSA-2018:3005
- http://www.securitytracker.com/id/1041944
- http://www.securityfocus.com/bid/105769
- http://www.securityfocus.com/bid/105718
CVE-2018-12396: A vulnerability where a WebExtension can run content scripts in disallowed contexts following…
Published: 2019-02-28T18:29:00 Last Modified: 2019-10-03T00:03:00
Summary
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12396 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-27/
- https://www.mozilla.org/security/advisories/mfsa2018-26/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1483602
- https://www.debian.org/security/2018/dsa-4324
- https://usn.ubuntu.com/3801-1/
- https://security.gentoo.org/glsa/201811-04
- https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
- https://access.redhat.com/errata/RHSA-2018:3006
- https://access.redhat.com/errata/RHSA-2018:3005
- http://www.securitytracker.com/id/1041944
- http://www.securityfocus.com/bid/105718
CVE-2018-12405: Mozilla developers and community members reported memory safety bugs present in Firefox 63 and…
Published: 2019-02-28T18:29:00 Last Modified: 2019-03-12T12:55:00
Summary
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12405 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-31/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471
- https://www.debian.org/security/2019/dsa-4362
- https://www.debian.org/security/2018/dsa-4354
- https://usn.ubuntu.com/3868-1/
- https://usn.ubuntu.com/3844-1/
- https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
- https://access.redhat.com/errata/RHSA-2019:0160
- https://access.redhat.com/errata/RHSA-2019:0159
- https://access.redhat.com/errata/RHSA-2018:3833
- https://access.redhat.com/errata/RHSA-2018:3831
- http://www.securityfocus.com/bid/106168
- https://security.gentoo.org/glsa/201903-04
CVE-2018-12392: When manipulating user events in nested loops while opening a document through script, it is…
Published: 2019-02-28T18:29:00 Last Modified: 2019-10-03T00:03:00
Summary
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12392 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-28/
- https://www.mozilla.org/security/advisories/mfsa2018-27/
- https://www.mozilla.org/security/advisories/mfsa2018-26/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1492823
- https://www.debian.org/security/2018/dsa-4337
- https://www.debian.org/security/2018/dsa-4324
- https://usn.ubuntu.com/3868-1/
- https://usn.ubuntu.com/3801-1/
- https://security.gentoo.org/glsa/201811-13
- https://security.gentoo.org/glsa/201811-04
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
- https://access.redhat.com/errata/RHSA-2018:3532
- https://access.redhat.com/errata/RHSA-2018:3531
- https://access.redhat.com/errata/RHSA-2018:3006
- https://access.redhat.com/errata/RHSA-2018:3005
- http://www.securitytracker.com/id/1041944
- http://www.securityfocus.com/bid/105769
- http://www.securityfocus.com/bid/105718
CVE-2018-12393: A potential vulnerability was found in 32-bit builds where an integer overflow during the…
Published: 2019-02-28T18:29:00 Last Modified: 2020-08-24T17:37:00
Summary
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. Note: 64-bit builds are not vulnerable to this issue. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12393 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-28/
- https://www.mozilla.org/security/advisories/mfsa2018-27/
- https://www.mozilla.org/security/advisories/mfsa2018-26/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1495011
- https://www.debian.org/security/2018/dsa-4337
- https://www.debian.org/security/2018/dsa-4324
- https://usn.ubuntu.com/3868-1/
- https://usn.ubuntu.com/3801-1/
- https://security.gentoo.org/glsa/201811-13
- https://security.gentoo.org/glsa/201811-04
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
- https://access.redhat.com/errata/RHSA-2018:3532
- https://access.redhat.com/errata/RHSA-2018:3531
- https://access.redhat.com/errata/RHSA-2018:3006
- https://access.redhat.com/errata/RHSA-2018:3005
- http://www.securitytracker.com/id/1041944
- http://www.securityfocus.com/bid/105769
- http://www.securityfocus.com/bid/105718
CVE-2018-12397: A WebExtension can request access to local files without the warning prompt stating that the…
Published: 2019-02-28T18:29:00 Last Modified: 2019-03-01T15:00:00
Summary
A WebExtension can request access to local files without the warning prompt stating that the extension will “Access your data for all websites” being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-12397 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-27/
- https://www.mozilla.org/security/advisories/mfsa2018-26/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1487478
- https://www.debian.org/security/2018/dsa-4324
- https://usn.ubuntu.com/3801-1/
- https://security.gentoo.org/glsa/201811-04
- https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
- https://access.redhat.com/errata/RHSA-2018:3006
- https://access.redhat.com/errata/RHSA-2018:3005
- http://www.securitytracker.com/id/1041944
- http://www.securityfocus.com/bid/105718
CVE-2018-18492: A use-after-free vulnerability can occur after deleting a selection element due to a weak…
Published: 2019-02-28T18:29:00 Last Modified: 2019-03-11T15:00:00
Summary
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18492 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-31/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1499861
- https://www.debian.org/security/2019/dsa-4362
- https://www.debian.org/security/2018/dsa-4354
- https://usn.ubuntu.com/3868-1/
- https://usn.ubuntu.com/3844-1/
- https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
- https://access.redhat.com/errata/RHSA-2019:0160
- https://access.redhat.com/errata/RHSA-2019:0159
- https://access.redhat.com/errata/RHSA-2018:3833
- https://access.redhat.com/errata/RHSA-2018:3831
- http://www.securityfocus.com/bid/106168
- https://security.gentoo.org/glsa/201903-04
CVE-2018-18494: A same-origin policy violation allowing the theft of cross-origin URL entries when using the…
Published: 2019-02-28T18:29:00 Last Modified: 2019-03-11T15:09:00
Summary
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error
CWE Description: The software does not properly verify that the source of data or communication is valid.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18494 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-31/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1487964
- https://www.debian.org/security/2019/dsa-4362
- https://www.debian.org/security/2018/dsa-4354
- https://usn.ubuntu.com/3868-1/
- https://usn.ubuntu.com/3844-1/
- https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
- https://access.redhat.com/errata/RHSA-2019:0160
- https://access.redhat.com/errata/RHSA-2019:0159
- https://access.redhat.com/errata/RHSA-2018:3833
- https://access.redhat.com/errata/RHSA-2018:3831
- http://www.securityfocus.com/bid/106168
- https://security.gentoo.org/glsa/201903-04
CVE-2018-18493: A buffer overflow can occur in the Skia library during buffer offset calculations with hardware…
Published: 2019-02-28T18:29:00 Last Modified: 2019-03-11T15:38:00
Summary
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18493 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-31/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1504452
- https://www.debian.org/security/2019/dsa-4362
- https://www.debian.org/security/2018/dsa-4354
- https://usn.ubuntu.com/3868-1/
- https://usn.ubuntu.com/3844-1/
- https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
- https://access.redhat.com/errata/RHSA-2019:0160
- https://access.redhat.com/errata/RHSA-2019:0159
- https://access.redhat.com/errata/RHSA-2018:3833
- https://access.redhat.com/errata/RHSA-2018:3831
- http://www.securityfocus.com/bid/106168
- https://security.gentoo.org/glsa/201903-04
CVE-2018-18498: A potential vulnerability leading to an integer overflow can occur during buffer size…
Published: 2019-02-28T18:29:00 Last Modified: 2020-08-24T17:37:00
Summary
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18498 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-31/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1500011
- https://www.debian.org/security/2019/dsa-4362
- https://www.debian.org/security/2018/dsa-4354
- https://usn.ubuntu.com/3868-1/
- https://usn.ubuntu.com/3844-1/
- https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
- https://access.redhat.com/errata/RHSA-2019:0160
- https://access.redhat.com/errata/RHSA-2019:0159
- https://access.redhat.com/errata/RHSA-2018:3833
- https://access.redhat.com/errata/RHSA-2018:3831
- http://www.securityfocus.com/bid/106168
- https://security.gentoo.org/glsa/201903-04
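CVE-2018-12393 (UTF-16 conversion of scripts, 32-bit builds) and CVE-2018-18498 (image buffer sizing) above share one failure shape: a byte count is computed from attacker-controlled lengths in fixed-width arithmetic, the product wraps to a small number, the allocator hands back a small buffer, and the subsequent write runs past it. The following is an added model of that arithmetic and of the checked form that prevents it; it is not Mozilla code and does not reproduce either bug. Python integers never overflow, so the 32-bit build is emulated by masking every product to 32 bits; the function names, the "2 bytes per UTF-16 unit" and "4 bytes per pixel" factors, and the sample dimensions are constructed for the illustration.

```python
# Added illustration (not Mozilla code): how a buffer-size calculation done in
# unchecked 32-bit arithmetic wraps, and what the checked form looks like.
# Python ints do not overflow, so a 32-bit size_t is modelled by masking.
MASK32 = 0xFFFFFFFF


def wrapped_mul32(*factors):
    """Multiply the way unchecked uint32 arithmetic does: the product is
    truncated to 32 bits, so a huge request can come back as a tiny number."""
    result = 1
    for f in factors:
        result = (result * f) & MASK32
    return result


def checked_mul32(*factors):
    """Multiply with an overflow check. Returns None when the true product
    does not fit in 32 bits. This is the 'checked value' the advisory text
    refers to; the bug was sizing the buffer from the raw value instead."""
    result = 1
    for f in factors:
        if f != 0 and result > MASK32 // f:  # result * f would exceed 2**32 - 1
            return None
        result *= f
    return result


def utf16_buffer_bytes(code_units, checked):
    """Bytes needed to hold `code_units` UTF-16 code units (2 bytes each)."""
    mul = checked_mul32 if checked else wrapped_mul32
    return mul(code_units, 2)


def image_buffer_bytes(width, height, bytes_per_pixel, checked):
    """Bytes needed for a width x height image at bytes_per_pixel."""
    mul = checked_mul32 if checked else wrapped_mul32
    return mul(width, height, bytes_per_pixel)


def allocate_and_write(nbytes, payload_len):
    """Model the downstream consequence: a buffer of nbytes bytes is allocated
    and payload_len bytes are written into it. Returns how many bytes land
    past the end of the buffer (0 means the write stayed in bounds).
    A None size (overflow detected) is refused instead of being allocated."""
    if nbytes is None:
        raise ValueError("size calculation overflowed; allocation refused")
    return max(0, payload_len - nbytes)


if __name__ == "__main__":
    # Constructed inputs. 2**31 + 1 code units is more than a 32-bit process
    # could ever hold, but the wrapped size is what the allocator would see.
    n = 0x80000001
    print("unchecked UTF-16 size:", utf16_buffer_bytes(n, checked=False))  # 2
    print("checked   UTF-16 size:", utf16_buffer_bytes(n, checked=True))   # None
    # A 65536 x 65536 RGBA image really needs 2**34 bytes; unchecked it sizes to 0.
    print("unchecked image size:", image_buffer_bytes(0x10000, 0x10000, 4, checked=False))
    print("checked   image size:", image_buffer_bytes(0x10000, 0x10000, 4, checked=True))
```

The check in checked_mul32 compares against MASK32 // f before multiplying rather than testing the product afterwards, because in real fixed-width code the product has already wrapped by the time it could be inspected; compiler builtins such as __builtin_mul_overflow and checked-integer wrapper types do the same thing. The practitioner's takeaway from both advisories is the same: every length that reaches an allocator must be derived from the checked result, never from the raw one.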
CVE-2018-20784: In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq’s, which allows…
Published: 2019-02-22T15:29:00 Last Modified: 2021-06-02T15:28:00
Summary
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq’s, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-20784 vulnerability.
References
- https://github.com/torvalds/linux/commit/c40f7d74c741a907cfaeb73a7697081881c497d0
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c40f7d74c741a907cfaeb73a7697081881c497d0
- https://access.redhat.com/errata/RHSA-2019:1959
- https://access.redhat.com/errata/RHSA-2019:1971
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4211-2/
- https://usn.ubuntu.com/4211-1/
CVE-2019-7164: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
Published: 2019-02-20T00:29:00 Last Modified: 2021-12-03T20:09:00
Summary
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-7164 vulnerability.
References
- https://github.com/sqlalchemy/sqlalchemy/issues/4481
- https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
- https://access.redhat.com/errata/RHSA-2019:0984
- https://access.redhat.com/errata/RHSA-2019:0981
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
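The reason an order_by parameter is a recurring injection sink is that ORDER BY takes an identifier or expression, not a value, so it cannot be sent as a bound parameter; whatever the caller passes ends up spliced into the statement text. The example below is added here and is not SQLAlchemy's code or anything from the linked issue: it uses Python's built-in sqlite3 module as a stand-in for the ORM so it runs without SQLAlchemy installed. It shows the vulnerable pattern (caller-supplied string spliced into ORDER BY), a blind boolean oracle that reads a value from an unrelated table through the sort order alone, and the allowlist construction that closes the hole. The schema, table names and the secret value are constructed for the demonstration.

```python
import sqlite3

# Constructed demo schema (not from SQLAlchemy or the advisory): a table the
# endpoint is meant to expose, and one it is not.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE api_keys (id INTEGER PRIMARY KEY, secret TEXT NOT NULL);
INSERT INTO users VALUES (1, 'carol'), (2, 'alice'), (3, 'bob');
INSERT INTO api_keys VALUES (1, 'sk-7f3a9');
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def list_users_vulnerable(conn, sort):
    # ORDER BY names an identifier, so it cannot be a bound parameter; splicing
    # the caller's string in verbatim is the weakness behind the CVE.
    rows = conn.execute(f"SELECT name FROM users ORDER BY {sort}").fetchall()
    return [name for (name,) in rows]


# Allowlist: keys are what a client may send, values are developer-written SQL.
SORT_COLUMNS = {"id": "id", "name": "name"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def list_users_safe(conn, sort):
    # Accept "<column>" or "<column>:<direction>", resolve both parts through
    # the allowlists, and build the clause only from allowlisted fragments.
    column, _, direction = sort.partition(":")
    try:
        col_sql = SORT_COLUMNS[column]
        dir_sql = SORT_DIRECTIONS[direction or "asc"]
    except KeyError:
        raise ValueError(f"unsupported sort key: {sort!r}") from None
    sql = f"SELECT name FROM users ORDER BY {col_sql} {dir_sql}"
    return [name for (name,) in conn.execute(sql).fetchall()]


def oracle(conn, condition):
    # Blind, boolean-based probe: rows come back sorted by name when the
    # attacker-chosen condition is true and by id when it is false. A single
    # SELECT is enough; no stacked statement is required.
    payload = f"CASE WHEN ({condition}) THEN name ELSE id END"
    return list_users_vulnerable(conn, payload) == ["alice", "bob", "carol"]


def extract_secret(conn, max_len=16):
    # Recover api_keys.secret one character at a time through the oracle.
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789-"
    found = ""
    for _ in range(max_len):
        for ch in alphabet:
            cond = (f"(SELECT substr(secret, {len(found) + 1}, 1) "
                    f"FROM api_keys WHERE id = 1) = '{ch}'")
            if oracle(conn, cond):
                found += ch
                break
        else:
            return found  # no character matched: end of the string
    return found


if __name__ == "__main__":
    db = open_db()
    print("benign sort      :", list_users_vulnerable(db, "id"))
    print("exfiltrated key  :", extract_secret(db))
    print("safe sort        :", list_users_safe(db, "name:desc"))
    try:
        list_users_safe(db, "CASE WHEN 1=1 THEN name ELSE id END")
    except ValueError as exc:
        print("rejected         :", exc)
```

The same allowlist discipline applies when the sink is an ORM: map the client's sort key to a column object or a developer-written expression and pass that to order_by(), never the client's string itself. Note that escaping does not help here, since the injected payload contains no quotes in the first place; only restricting the input to a closed set of known fragments does.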
CVE-2019-5760: Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5760 vulnerability.
References
- https://crbug.com/912074
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5762: Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81…
Published: 2019-02-19T17:29:00 Last Modified: 2019-04-18T14:53:00
Summary
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5762 vulnerability.
References
- https://crbug.com/900552
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5759: Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to…
Published: 2019-02-19T17:29:00 Last Modified: 2021-09-08T17:21:00
Summary
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5759 vulnerability.
References
- https://crbug.com/912211
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5763: Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE Description: The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5763 vulnerability.
References
- https://crbug.com/914731
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5769: Incorrect handling of invalid end character position when font rendering in Blink in Google…
Published: 2019-02-19T17:29:00 Last Modified: 2019-04-18T16:25:00
Summary
Incorrect handling of invalid end character position when font rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5769 vulnerability.
References
- https://crbug.com/913975
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5756: Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81…
Published: 2019-02-19T17:29:00 Last Modified: 2019-04-17T17:20:00
Summary
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5756 vulnerability.
References
- https://crbug.com/895152
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5764: Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5764 vulnerability.
References
- https://crbug.com/913246
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5757: An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a…
Published: 2019-02-19T17:29:00 Last Modified: 2019-04-18T15:06:00
Summary
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5757 vulnerability.
References
- https://crbug.com/915469
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5768: DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5768 vulnerability.
References
- https://crbug.com/805557
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5755: Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote…
Published: 2019-02-19T17:29:00 Last Modified: 2019-04-17T15:03:00
Summary
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-189: Numeric Errors
CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5755 vulnerability.
References
- https://crbug.com/913296
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5754: Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an…
Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00
Summary
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5754 vulnerability.
References
- https://crbug.com/914497
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5773: Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a…
Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00
Summary
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error
CWE Description: The software does not properly verify that the source of data or communication is valid.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5773 vulnerability.
References
- https://crbug.com/917668
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5774: Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google…
Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00
Summary
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5774 vulnerability.
References
- https://crbug.com/904182
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5775: Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81…
Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00
Summary
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5775 vulnerability.
References
- https://crbug.com/896722
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5765: An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.
Common Weakness Enumeration (CWE): CWE-312: Cleartext Storage of Sensitive Information
CWE Description: The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5765 vulnerability.
References
- https://crbug.com/922627
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5772: Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5772 vulnerability.
References
- https://crbug.com/908292
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5782: Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote…
Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00
Summary
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5782 vulnerability.
References
- https://crbug.com/906043
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5778: A missing case for handling special schemes in permission request checks in Extensions in Google…
Published: 2019-02-19T17:29:00 Last Modified: 2019-04-18T14:58:00
Summary
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5778 vulnerability.
References
- https://crbug.com/918470
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5758: Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5758 vulnerability.
References
- https://crbug.com/913970
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5767: Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.
Common Weakness Enumeration (CWE): CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CWE Description: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5767 vulnerability.
References
- https://crbug.com/902427
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5761: Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5761 vulnerability.
References
- https://crbug.com/904714
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5770: Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote…
Published: 2019-02-19T17:29:00 Last Modified: 2019-04-18T15:57:00
Summary
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5770 vulnerability.
References
- https://crbug.com/908749
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5777: Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81…
Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00
Summary
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5777 vulnerability.
References
- https://crbug.com/849421
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5781: Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81…
Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00
Summary
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5781 vulnerability.
References
- https://crbug.com/896725
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5780: Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior…
Published: 2019-02-19T17:29:00 Last Modified: 2021-09-08T17:21:00
Summary
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-5780 vulnerability.
References
- https://crbug.com/891697
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5771: An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5771 vulnerability.
References
- https://crbug.com/904265
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5766: Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5766 vulnerability.
References
- https://crbug.com/907047
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5776: Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81…
Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00
Summary
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5776 vulnerability.
References
- https://crbug.com/863663
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-5779: Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a…
Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-5779 vulnerability.
References
- https://crbug.com/904219
- https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2019/dsa-4395
- https://access.redhat.com/errata/RHSA-2019:0309
- http://www.securityfocus.com/bid/106767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
CVE-2019-8912: In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL…
Published: 2019-02-18T18:29:00 Last Modified: 2021-06-02T15:36:00
Summary
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-8912 vulnerability.
References
- https://usn.ubuntu.com/3931-2/
- https://usn.ubuntu.com/3931-1/
- https://usn.ubuntu.com/3930-2/
- https://usn.ubuntu.com/3930-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
- https://access.redhat.com/errata/RHSA-2020:0174
- http://patchwork.ozlabs.org/patch/1042902/
- http://www.securityfocus.com/bid/107063
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-8912
CVE-2019-6974: In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles…
Published: 2019-02-15T15:29:00 Last Modified: 2021-07-21T11:39:00
Summary
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2019-6974 vulnerability.
References
- https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1765
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
- https://www.exploit-db.com/exploits/46388/
- http://www.securityfocus.com/bid/107127
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://usn.ubuntu.com/3933-2/
- https://usn.ubuntu.com/3932-2/
- https://usn.ubuntu.com/3932-1/
- https://usn.ubuntu.com/3931-2/
- https://usn.ubuntu.com/3931-1/
- https://usn.ubuntu.com/3930-2/
- https://usn.ubuntu.com/3930-1/
- https://usn.ubuntu.com/3933-1/
- https://support.f5.com/csp/article/K11186236
- https://access.redhat.com/errata/RHSA-2019:0833
- https://access.redhat.com/errata/RHSA-2019:0818
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
- https://access.redhat.com/errata/RHBA-2019:0959
- https://access.redhat.com/errata/RHSA-2019:2809
- https://support.f5.com/csp/article/K11186236?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:3967
- https://access.redhat.com/errata/RHSA-2020:0103
CVE-2019-8308: Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script…
Published: 2019-02-12T23:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere
CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-8308 vulnerability.
References
- https://github.com/flatpak/flatpak/releases/tag/1.2.3
- https://github.com/flatpak/flatpak/releases/tag/1.0.7
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059
- https://access.redhat.com/errata/RHSA-2019:0375
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html
CVE-2019-5736: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to…
Published: 2019-02-11T19:29:00 Last Modified: 2021-12-16T18:38:00
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 2)
Code designed for conducting penetration testing on CVE-2019-5736 vulnerability.
- runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2) by embargo at 2019-02-13
- runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (1) by feexd at 2019-02-12
References
- https://www.openwall.com/lists/oss-security/2019/02/11/2
- https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
- https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
- https://github.com/docker/docker-ce/releases/tag/v18.09.2
- https://access.redhat.com/security/vulnerabilities/runcescape
- https://access.redhat.com/security/cve/cve-2019-5736
- https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
- https://github.com/rancher/runc-cve
- https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
- https://brauner.github.io/2019/02/12/privileged-containers.html
- https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
- https://access.redhat.com/errata/RHSA-2019:0304
- https://access.redhat.com/errata/RHSA-2019:0303
- https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
- https://www.exploit-db.com/exploits/46359/
- http://www.securityfocus.com/bid/106976
- https://www.exploit-db.com/exploits/46369/
- https://github.com/q3k/cve-2019-5736-poc
- https://github.com/Frichetten/CVE-2019-5736-PoC
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
- https://www.synology.com/security/advisory/Synology_SA_19_06
- https://access.redhat.com/errata/RHSA-2019:0401
- https://access.redhat.com/errata/RHSA-2019:0408
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://security.netapp.com/advisory/ntap-20190307-0008/
- https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E
- https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706@%3Cuser.mesos.apache.org%3E
- http://www.openwall.com/lists/oss-security/2019/03/23/1
- https://bugzilla.suse.com/show_bug.cgi?id=1121967
- https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
- https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
- https://access.redhat.com/errata/RHSA-2019:0975
- https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
- https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
- https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e@%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46@%3Cdev.dlab.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- https://usn.ubuntu.com/4048-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
- https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3@%3Cdev.dlab.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html
- http://www.openwall.com/lists/oss-security/2019/10/24/1
- http://www.openwall.com/lists/oss-security/2019/10/29/3
- https://security.gentoo.org/glsa/202003-21
- https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587@%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
- http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
- http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
CVE-2018-12547: In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native…
Published: 2019-02-11T15:29:00 Last Modified: 2019-05-16T16:29:00
Summary
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This allowed existing APIs that called these functions to exceed the allocated buffer. These functions were not directly callable by non-native user code.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12547 vulnerability.
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=543659
- https://access.redhat.com/errata/RHSA-2019:0469
- https://access.redhat.com/errata/RHSA-2019:0474
- https://access.redhat.com/errata/RHSA-2019:0473
- https://access.redhat.com/errata/RHSA-2019:0472
- https://access.redhat.com/errata/RHSA-2019:0640
- https://access.redhat.com/errata/RHSA-2019:1238
CVE-2018-12549: In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on…
Published: 2019-02-11T15:29:00 Last Modified: 2019-05-16T16:29:00
Summary
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12549 vulnerability.
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019
- https://access.redhat.com/errata/RHSA-2019:0469
- https://access.redhat.com/errata/RHSA-2019:0472
- https://access.redhat.com/errata/RHSA-2019:0640
- https://access.redhat.com/errata/RHSA-2019:1238
CVE-2019-7665: In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in…
Published: 2019-02-09T16:29:00 Last Modified: 2021-11-30T19:53:00
Summary
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-7665 vulnerability.
References
- https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html
- https://sourceware.org/bugzilla/show_bug.cgi?id=24089
- https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
- https://usn.ubuntu.com/4012-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
- https://access.redhat.com/errata/RHSA-2019:2197
- https://access.redhat.com/errata/RHSA-2019:3575
- https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
CVE-2019-7548: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Published: 2019-02-06T21:29:00 Last Modified: 2021-11-30T19:52:00
Summary
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-7548 vulnerability.
References
- https://github.com/no-security/sqlalchemy_test
- https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518
- https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
- https://access.redhat.com/errata/RHSA-2019:0984
- https://access.redhat.com/errata/RHSA-2019:0981
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
CVE-2018-16890: libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read….
Published: 2019-02-06T20:29:00 Last Modified: 2020-09-18T16:33:00
Summary
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl into accepting a bad length + offset combination that would lead to an out-of-bounds buffer read.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16890 vulnerability.
References
- https://curl.haxx.se/docs/CVE-2018-16890.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890
- https://www.debian.org/security/2019/dsa-4386
- https://usn.ubuntu.com/3882-1/
- http://www.securityfocus.com/bid/106947
- https://security.netapp.com/advisory/ntap-20190315-0001/
- https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E
- https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://support.f5.com/csp/article/K03314397?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:3701
CVE-2019-3822: libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow….
Published: 2019-02-06T20:29:00 Last Modified: 2021-06-15T16:45:00
Summary
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()) generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from being overflowed is implemented wrongly (using unsigned math) and as such does not prevent the overflow from happening. This output data can grow larger than the local buffer if a very large 'nt response' is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-3822 vulnerability.
References
- https://curl.haxx.se/docs/CVE-2019-3822.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822
- https://www.debian.org/security/2019/dsa-4386
- https://usn.ubuntu.com/3882-1/
- http://www.securityfocus.com/bid/106950
- https://security.gentoo.org/glsa/201903-03
- https://security.netapp.com/advisory/ntap-20190315-0001/
- https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E
- https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://security.netapp.com/advisory/ntap-20190719-0004/
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://support.f5.com/csp/article/K84141449
- https://support.f5.com/csp/article/K84141449?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:3701
CVE-2019-3825: A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in…
Published: 2019-02-06T20:29:00 Last Modified: 2019-10-09T23:49:00
Summary
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user’s session.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-3825 vulnerability.
References
CVE-2018-18505: An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added…
Published: 2019-02-05T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18505 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2019-03/
- https://www.mozilla.org/security/advisories/mfsa2019-02/
- https://www.mozilla.org/security/advisories/mfsa2019-01/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1087565
- https://www.debian.org/security/2019/dsa-4376
- https://usn.ubuntu.com/3874-1/
- https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
- https://access.redhat.com/errata/RHSA-2019:0270
- https://access.redhat.com/errata/RHSA-2019:0269
- https://access.redhat.com/errata/RHSA-2019:0219
- https://access.redhat.com/errata/RHSA-2019:0218
- http://www.securityfocus.com/bid/106781
- https://www.debian.org/security/2019/dsa-4392
- https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
- https://usn.ubuntu.com/3897-1/
- https://security.gentoo.org/glsa/201903-04
- https://security.gentoo.org/glsa/201904-07
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
CVE-2018-18506: When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC)…
Published: 2019-02-05T21:29:00 Last Modified: 2020-08-24T17:37:00
Summary
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18506 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2019-01/
- https://usn.ubuntu.com/3874-1/
- http://www.securityfocus.com/bid/106773
- https://www.debian.org/security/2019/dsa-4411
- https://seclists.org/bugtraq/2019/Mar/28
- https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html
- https://access.redhat.com/errata/RHSA-2019:0623
- https://access.redhat.com/errata/RHSA-2019:0622
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html
- https://access.redhat.com/errata/RHSA-2019:0681
- https://access.redhat.com/errata/RHSA-2019:0680
- https://usn.ubuntu.com/3927-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html
- https://www.debian.org/security/2019/dsa-4420
- https://seclists.org/bugtraq/2019/Apr/0
- https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html
- https://security.gentoo.org/glsa/201904-07
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html
- https://access.redhat.com/errata/RHSA-2019:0966
- https://access.redhat.com/errata/RHSA-2019:1144
CVE-2018-18501: Mozilla developers and community members reported memory safety bugs present in Firefox 64 and…
Published: 2019-02-05T21:29:00 Last Modified: 2019-04-02T07:29:00
Summary
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18501 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2019-03/
- https://www.mozilla.org/security/advisories/mfsa2019-02/
- https://www.mozilla.org/security/advisories/mfsa2019-01/
- https://www.debian.org/security/2019/dsa-4376
- https://usn.ubuntu.com/3874-1/
- https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
- https://access.redhat.com/errata/RHSA-2019:0270
- https://access.redhat.com/errata/RHSA-2019:0269
- https://access.redhat.com/errata/RHSA-2019:0219
- https://access.redhat.com/errata/RHSA-2019:0218
- http://www.securityfocus.com/bid/106781
- https://www.debian.org/security/2019/dsa-4392
- https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
- https://usn.ubuntu.com/3897-1/
- https://security.gentoo.org/glsa/201903-04
- https://security.gentoo.org/glsa/201904-07
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
CVE-2018-18500: A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom…
Published: 2019-02-05T21:29:00 Last Modified: 2019-04-02T07:29:00
Summary
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18500 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2019-03/
- https://www.mozilla.org/security/advisories/mfsa2019-02/
- https://www.mozilla.org/security/advisories/mfsa2019-01/
- https://www.debian.org/security/2019/dsa-4376
- https://usn.ubuntu.com/3874-1/
- https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
- https://access.redhat.com/errata/RHSA-2019:0270
- https://access.redhat.com/errata/RHSA-2019:0269
- https://access.redhat.com/errata/RHSA-2019:0219
- https://access.redhat.com/errata/RHSA-2019:0218
- http://www.securityfocus.com/bid/106781
- https://www.debian.org/security/2019/dsa-4392
- https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
- https://usn.ubuntu.com/3897-1/
- https://security.gentoo.org/glsa/201903-04
- https://security.gentoo.org/glsa/201904-07
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
CVE-2019-1000020: libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0…
Published: 2019-02-04T21:29:00 Last Modified: 2020-08-24T17:37:00
Summary
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-1000020 vulnerability.
References
- https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423
- https://github.com/libarchive/libarchive/pull/1120
- https://usn.ubuntu.com/3884-1/
- https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html
- https://access.redhat.com/errata/RHSA-2019:2298
- https://access.redhat.com/errata/RHSA-2019:3698
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html
CVE-2019-1000019: libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2…
Published: 2019-02-04T21:29:00 Last Modified: 2019-11-06T01:15:00
Summary
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-1000019 vulnerability.
References
- https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1
- https://github.com/libarchive/libarchive/pull/1120
- https://usn.ubuntu.com/3884-1/
- https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html
- https://access.redhat.com/errata/RHSA-2019:2298
- https://access.redhat.com/errata/RHSA-2019:3698
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html
CVE-2019-3813: Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-…
Published: 2019-02-04T18:29:00 Last Modified: 2021-07-21T11:39:00
Summary
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Common Weakness Enumeration (CWE): CWE-193: Off-by-one Error
CWE Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Scores
- Impact Score: 6.4
- Exploitability Score: 5.5
- CVSS: 5.4
- CVSS Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2019-3813 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1665371
- https://www.debian.org/security/2019/dsa-4375
- https://usn.ubuntu.com/3870-1/
- https://lists.debian.org/debian-lts-announce/2019/01/msg00026.html
- https://access.redhat.com/errata/RHSA-2019:0232
- https://access.redhat.com/errata/RHSA-2019:0231
- http://www.securityfocus.com/bid/106801
- https://access.redhat.com/errata/RHSA-2019:0457
- https://security.gentoo.org/glsa/202007-30
CVE-2019-6111: An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983…
Published: 2019-01-31T18:29:00 Last Modified: 2020-08-24T17:37:00
Summary
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 2)
Code designed for conducting penetration testing on the CVE-2019-6111 vulnerability.
- SCP Client - Multiple Vulnerabilities (SSHtranger Things) by Mark E. Haase at 2019-01-18
- OpenSSH SCP Client - Write Arbitrary Files by Harry Sintonen at 2019-01-11
References
- https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
- https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
- https://www.exploit-db.com/exploits/46193/
- http://www.securityfocus.com/bid/106741
- https://usn.ubuntu.com/3885-1/
- https://www.debian.org/security/2019/dsa-4387
- https://security.netapp.com/advisory/ntap-20190213-0001/
- https://bugzilla.redhat.com/show_bug.cgi?id=1677794
- https://usn.ubuntu.com/3885-2/
- https://security.gentoo.org/glsa/201903-16
- https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html
- http://www.openwall.com/lists/oss-security/2019/04/18/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
- https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23@%3Cdev.mina.apache.org%3E
- https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b@%3Cdev.mina.apache.org%3E
- https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f@%3Cdev.mina.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html
- https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc
- https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a@%3Cdev.mina.apache.org%3E
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3702
CVE-2019-7150: An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function…
Published: 2019-01-29T00:29:00 Last Modified: 2021-11-30T19:52:00
Summary
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-7150 vulnerability.
References
- https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
- https://sourceware.org/bugzilla/show_bug.cgi?id=24103
- https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
- https://usn.ubuntu.com/4012-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
- https://access.redhat.com/errata/RHSA-2019:2197
- https://access.redhat.com/errata/RHSA-2019:3575
- https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
CVE-2019-3815: A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise…
Published: 2019-01-28T15:29:00 Last Modified: 2020-11-13T16:15:00
Summary
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the _CMDLINE= entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime
CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-3815 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815
- http://www.securityfocus.com/bid/106632
- https://access.redhat.com/errata/RHSA-2019:0201
- https://lists.debian.org/debian-lts-announce/2019/03/msg00013.html
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-16881: A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could…
Published: 2019-01-25T18:29:00 Last Modified: 2020-12-04T18:15:00
Summary
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16881 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881
- https://access.redhat.com/errata/RHSA-2019:2110
- https://access.redhat.com/errata/RHSA-2019:2439
- https://access.redhat.com/errata/RHSA-2019:2437
- https://access.redhat.com/errata/RHBA-2019:2501
CVE-2018-15982: Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free…
Published: 2019-01-18T17:29:00 Last Modified: 2019-01-29T19:24:00
Summary
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2018-15982 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
- https://www.exploit-db.com/exploits/46051/
- https://access.redhat.com/errata/RHSA-2018:3795
- http://www.securityfocus.com/bid/106116
CVE-2017-3136: A query with a specific set of characteristics could cause a server using DNS64 to encounter an…
Published: 2019-01-16T20:29:00 Last Modified: 2020-10-20T12:15:00
Summary
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion
CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-3136 vulnerability.
References
- https://kb.isc.org/docs/aa-01465
- https://www.debian.org/security/2017/dsa-3854
- https://security.netapp.com/advisory/ntap-20180802-0002/
- https://security.gentoo.org/glsa/201708-01
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
- https://access.redhat.com/errata/RHSA-2017:1105
- https://access.redhat.com/errata/RHSA-2017:1095
- http://www.securitytracker.com/id/1038259
- http://www.securityfocus.com/bid/97653
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
CVE-2017-3144: A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to…
Published: 2019-01-16T20:29:00 Last Modified: 2020-01-09T21:07:00
Summary
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-3144 vulnerability.
References
- https://kb.isc.org/docs/aa-01541
- https://www.debian.org/security/2018/dsa-4133
- https://usn.ubuntu.com/3586-1/
- https://access.redhat.com/errata/RHSA-2018:0158
- http://www.securitytracker.com/id/1040194
- http://www.securityfocus.com/bid/102726
CVE-2017-3135: Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing…
Published: 2019-01-16T20:29:00 Last Modified: 2019-10-09T23:27:00
Summary
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-3135 vulnerability.
References
- https://kb.isc.org/docs/aa-01453
- https://www.debian.org/security/2017/dsa-3795
- https://security.netapp.com/advisory/ntap-20180926-0005/
- https://security.gentoo.org/glsa/201708-01
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
- http://www.securitytracker.com/id/1037801
- http://www.securityfocus.com/bid/96150
- http://rhn.redhat.com/errata/RHSA-2017-0276.html
CVE-2017-3142: An attacker who is able to send and receive messages to an authoritative DNS server and who has…
Published: 2019-01-16T20:29:00 Last Modified: 2019-08-30T17:15:00
Summary
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-3142 vulnerability.
References
- https://kb.isc.org/docs/aa-01504
- https://www.debian.org/security/2017/dsa-3904
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us
- https://access.redhat.com/errata/RHSA-2017:1680
- https://access.redhat.com/errata/RHSA-2017:1679
- http://www.securitytracker.com/id/1038809
- http://www.securityfocus.com/bid/99339
- https://security.netapp.com/advisory/ntap-20190830-0003/
CVE-2017-3143: An attacker who is able to send and receive messages to an authoritative DNS server and who has…
Published: 2019-01-16T20:29:00 Last Modified: 2019-10-03T00:03:00
Summary
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-3143 vulnerability.
References
- https://kb.isc.org/docs/aa-01503
- https://www.debian.org/security/2017/dsa-3904
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us
- https://access.redhat.com/errata/RHSA-2017:1680
- https://access.redhat.com/errata/RHSA-2017:1679
- http://www.securitytracker.com/id/1038809
- http://www.securityfocus.com/bid/99337
- https://security.netapp.com/advisory/ntap-20190830-0003/
CVE-2017-3145: BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading…
Published: 2019-01-16T20:29:00 Last Modified: 2019-10-09T23:27:00
Summary
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-3145 vulnerability.
References
- https://kb.isc.org/docs/aa-01542
- https://www.debian.org/security/2018/dsa-4089
- https://security.netapp.com/advisory/ntap-20180117-0003/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html
- https://access.redhat.com/errata/RHSA-2018:0488
- https://access.redhat.com/errata/RHSA-2018:0487
- https://access.redhat.com/errata/RHSA-2018:0102
- https://access.redhat.com/errata/RHSA-2018:0101
- http://www.securitytracker.com/id/1040195
- http://www.securityfocus.com/bid/102716
CVE-2017-3137: Mistaken assumptions about the ordering of records in the answer section of a response containing…
Published: 2019-01-16T20:29:00 Last Modified: 2019-10-09T23:27:00
Summary
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion
CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-3137 vulnerability.
References
- https://kb.isc.org/docs/aa-01466
- https://www.debian.org/security/2017/dsa-3854
- https://security.netapp.com/advisory/ntap-20180802-0002/
- https://security.gentoo.org/glsa/201708-01
- https://access.redhat.com/errata/RHSA-2017:1583
- https://access.redhat.com/errata/RHSA-2017:1582
- https://access.redhat.com/errata/RHSA-2017:1105
- https://access.redhat.com/errata/RHSA-2017:1095
- http://www.securitytracker.com/id/1040195
- http://www.securitytracker.com/id/1038258
- http://www.securityfocus.com/bid/97651
CVE-2018-5733: A malicious client which is allowed to send very large amounts of traffic (billions of packets)…
Published: 2019-01-16T20:29:00 Last Modified: 2020-01-09T21:08:00
Summary
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5733 vulnerability.
References
- https://kb.isc.org/docs/aa-01567
- https://www.debian.org/security/2018/dsa-4133
- https://usn.ubuntu.com/3586-2/
- https://usn.ubuntu.com/3586-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html
- https://access.redhat.com/errata/RHSA-2018:0483
- https://access.redhat.com/errata/RHSA-2018:0469
- http://www.securitytracker.com/id/1040437
- http://www.securityfocus.com/bid/103188
CVE-2018-5740: “deny-answer-aliases” is a little-used feature intended to help recursive server operators…
Published: 2019-01-16T20:29:00 Last Modified: 2021-11-17T22:16:00
Summary
“deny-answer-aliases” is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion
CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5740 vulnerability.
References
- https://kb.isc.org/docs/aa-01639
- https://usn.ubuntu.com/3769-2/
- https://usn.ubuntu.com/3769-1/
- https://security.netapp.com/advisory/ntap-20180926-0003/
- https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html
- https://access.redhat.com/errata/RHSA-2018:2571
- https://access.redhat.com/errata/RHSA-2018:2570
- http://www.securitytracker.com/id/1041436
- http://www.securityfocus.com/bid/105055
- https://security.gentoo.org/glsa/201903-13
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us
- https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html
CVE-2019-2422: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported…
Published: 2019-01-16T19:30:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2422 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- http://www.securityfocus.com/bid/106596
- https://security.netapp.com/advisory/ntap-20190118-0001/
- https://usn.ubuntu.com/3875-1/
- https://access.redhat.com/errata/RHSA-2019:0416
- https://access.redhat.com/errata/RHSA-2019:0436
- https://access.redhat.com/errata/RHSA-2019:0435
- https://access.redhat.com/errata/RHSA-2019:0464
- https://access.redhat.com/errata/RHSA-2019:0462
- https://access.redhat.com/errata/RHSA-2019:0469
- https://access.redhat.com/errata/RHSA-2019:0474
- https://access.redhat.com/errata/RHSA-2019:0473
- https://access.redhat.com/errata/RHSA-2019:0472
- https://security.gentoo.org/glsa/201903-14
- https://www.debian.org/security/2019/dsa-4410
- https://seclists.org/bugtraq/2019/Mar/27
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html
- https://access.redhat.com/errata/RHSA-2019:0640
- https://lists.debian.org/debian-lts-announce/2019/03/msg00033.html
- https://usn.ubuntu.com/3942-1/
- https://usn.ubuntu.com/3949-1/
- https://access.redhat.com/errata/RHSA-2019:1238
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us
CVE-2019-2449: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The…
Published: 2019-01-16T19:30:00 Last Modified: 2020-09-08T12:29:00
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-2449 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- http://www.securityfocus.com/bid/106597
- https://security.netapp.com/advisory/ntap-20190118-0001/
- https://access.redhat.com/errata/RHSA-2019:0469
- https://access.redhat.com/errata/RHSA-2019:0472
- https://access.redhat.com/errata/RHSA-2019:0640
- https://access.redhat.com/errata/RHSA-2019:1238
CVE-2018-16846: It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial…
Published: 2019-01-15T18:29:00 Last Modified: 2021-08-11T11:15:00
Summary
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16846 vulnerability.
References
- https://ceph.com/releases/13-2-4-mimic-released/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846
- https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
- https://usn.ubuntu.com/4035-1/
- https://access.redhat.com/errata/RHSA-2019:2541
- https://access.redhat.com/errata/RHSA-2019:2538
- https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html
CVE-2019-3811: A vulnerability was found in sssd. If a user was configured with no home directory set, sssd…
Published: 2019-01-15T15:29:00 Last Modified: 2021-11-02T20:07:00
Summary
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string, i.e. no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
Scores
- Impact Score: 2.9
- Exploitability Score: 5.1
- CVSS: 2.7
- CVSS Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2019-3811 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811
- https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html
- http://www.securityfocus.com/bid/106644
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html
- https://access.redhat.com/errata/RHSA-2019:2177
CVE-2018-16888: It was discovered systemd does not correctly check the content of PIDFile files before using it…
Published: 2019-01-14T22:29:00 Last Modified: 2022-01-31T18:37:00
Summary
It was discovered that systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run as an unprivileged user (e.g. the User field is set in the service file), a local attacker who is able to write to the PIDFile of that service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-16888 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888
- https://security.netapp.com/advisory/ntap-20190307-0007/
- https://access.redhat.com/errata/RHSA-2019:2091
- https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E
- https://usn.ubuntu.com/4269-1/
CVE-2018-16886: etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper…
Published: 2019-01-14T19:29:00 Last Modified: 2019-10-24T12:24:00
Summary
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16886 vulnerability.
References
- https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication
- https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886
- http://www.securityfocus.com/bid/106540
- https://access.redhat.com/errata/RHSA-2019:0237
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/
- https://access.redhat.com/errata/RHSA-2019:1352
CVE-2018-20699: Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory…
Published: 2019-01-12T02:29:00 Last Modified: 2019-03-14T18:13:00
Summary
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-20699 vulnerability.
References
- https://github.com/moby/moby/pull/37967
- https://github.com/docker/engine/pull/70
- https://access.redhat.com/errata/RHSA-2019:0487
CVE-2018-16865: An allocation of memory without limits, that could result in the stack clashing with another…
Published: 2019-01-11T21:29:00 Last Modified: 2022-01-31T18:34:00
Summary
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-16865 vulnerability.
References
- https://www.qualys.com/2019/01/09/system-down/system-down.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865
- https://usn.ubuntu.com/3855-1/
- http://www.securityfocus.com/bid/106525
- https://www.debian.org/security/2019/dsa-4367
- https://access.redhat.com/errata/RHSA-2019:0049
- https://security.netapp.com/advisory/ntap-20190117-0001/
- https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html
- https://access.redhat.com/errata/RHSA-2019:0204
- https://access.redhat.com/errata/RHSA-2019:0271
- https://access.redhat.com/errata/RHSA-2019:0342
- https://access.redhat.com/errata/RHSA-2019:0361
- https://security.gentoo.org/glsa/201903-07
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://access.redhat.com/errata/RHBA-2019:0327
- http://www.openwall.com/lists/oss-security/2019/05/10/4
- https://seclists.org/bugtraq/2019/May/25
- http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html
- http://seclists.org/fulldisclosure/2019/May/21
- https://access.redhat.com/errata/RHSA-2019:2402
- http://www.openwall.com/lists/oss-security/2021/07/20/2
CVE-2018-16864: An allocation of memory without limits, that could result in the stack clashing with another…
Published: 2019-01-11T20:29:00 Last Modified: 2022-01-31T18:31:00
Summary
An allocation of memory without limits, which could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges. Versions through v240 are vulnerable.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-16864 vulnerability.
References
- https://www.qualys.com/2019/01/09/system-down/system-down.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864
- https://usn.ubuntu.com/3855-1/
- http://www.securityfocus.com/bid/106523
- https://www.debian.org/security/2019/dsa-4367
- https://access.redhat.com/errata/RHSA-2019:0049
- https://security.netapp.com/advisory/ntap-20190117-0001/
- https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html
- https://access.redhat.com/errata/RHSA-2019:0204
- https://access.redhat.com/errata/RHSA-2019:0271
- https://access.redhat.com/errata/RHSA-2019:0342
- https://access.redhat.com/errata/RHSA-2019:0361
- https://security.gentoo.org/glsa/201903-07
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:2402
- http://www.openwall.com/lists/oss-security/2021/07/20/2
CVE-2019-6133: In PolicyKit (aka polkit) 0.115, the “start time” protection mechanism can be bypassed because…
Published: 2019-01-11T14:29:00 Last Modified: 2020-08-24T17:37:00
Summary
In PolicyKit (aka polkit) 0.115, the “start time” protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2019-6133 vulnerability.
References
- https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
- https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
- https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
- http://www.securityfocus.com/bid/106537
- https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html
- https://access.redhat.com/errata/RHSA-2019:0230
- https://access.redhat.com/errata/RHSA-2019:0420
- https://usn.ubuntu.com/3901-2/
- https://usn.ubuntu.com/3901-1/
- https://usn.ubuntu.com/3903-2/
- https://usn.ubuntu.com/3903-1/
- https://usn.ubuntu.com/3908-1/
- https://usn.ubuntu.com/3908-2/
- https://usn.ubuntu.com/3910-2/
- https://usn.ubuntu.com/3910-1/
- https://support.f5.com/csp/article/K22715344
- https://usn.ubuntu.com/3934-1/
- https://access.redhat.com/errata/RHSA-2019:0832
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html
- https://usn.ubuntu.com/3934-2/
- https://access.redhat.com/errata/RHSA-2019:2699
- https://access.redhat.com/errata/RHSA-2019:2978
CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access…
Published: 2019-01-10T21:29:00 Last Modified: 2020-08-24T17:37:00
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via a filename of "." or an empty filename. The impact is modification of the permissions of the target directory on the client side.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-20685 vulnerability.
References
- https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
- https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h
- http://www.securityfocus.com/bid/106531
- https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
- https://usn.ubuntu.com/3885-1/
- https://www.debian.org/security/2019/dsa-4387
- https://security.netapp.com/advisory/ntap-20190215-0001/
- https://security.gentoo.org/glsa/201903-16
- https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3702
- https://security.gentoo.org/glsa/202007-53
CVE-2016-9651: A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-16T13:43:00
Summary
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2016-9651 vulnerability.
References
- https://crbug.com/664411
- https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
- https://www.exploit-db.com/exploits/42175/
- https://security.gentoo.org/glsa/201612-11
- http://www.securityfocus.com/bid/94633
- http://rhn.redhat.com/errata/RHSA-2016-2919.html
CVE-2018-16083: An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-25T19:56:00
Summary
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-16083 vulnerability.
References
- https://crbug.com/856823
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://www.exploit-db.com/exploits/45444/
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16065: A JavaScript reentrancy issue that caused a use-after-free in V8 in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-16T14:00:00
Summary
A JavaScript reentrancy issue that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16065 vulnerability.
References
- https://crbug.com/867776
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4289
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16068: Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-15T14:35:00
Summary
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16068 vulnerability.
References
- https://crbug.com/877182
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4289
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16076: Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-15T12:48:00
Summary
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16076 vulnerability.
References
- https://crbug.com/867501
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16081: Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16081 vulnerability.
References
- https://crbug.com/666299
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16082: An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-15T17:58:00
Summary
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16082 vulnerability.
References
- https://crbug.com/851398
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16084: The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-29T18:44:00
Summary
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16084 vulnerability.
References
- https://crbug.com/865202
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16067: A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to…
Published: 2019-01-09T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16067 vulnerability.
References
- https://crbug.com/860522
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4289
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16071: A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to…
Published: 2019-01-09T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-16071 vulnerability.
References
- https://crbug.com/855211
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://www.exploit-db.com/exploits/45443/
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-17461: An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-14T19:07:00
Summary
An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17461 vulnerability.
References
- https://crbug.com/874359
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
CVE-2018-16066: A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to…
Published: 2019-01-09T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16066 vulnerability.
References
- https://crbug.com/847570
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4289
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16079: A race condition between permission prompts and navigations in Prompts in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-15T18:01:00
Summary
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16079 vulnerability.
References
- https://crbug.com/723503
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16078: Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-29T19:21:00
Summary
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16078 vulnerability.
References
- https://crbug.com/858820
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
- http://www.securityfocus.com/bid/105215
CVE-2018-16088: A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-29T20:20:00
Summary
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16088 vulnerability.
References
- https://crbug.com/848531
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:2666
CVE-2018-17458: An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-129: Improper Validation of Array Index
CWE Description: The most common situation leading to an out-of-bounds array index is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, therefore causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function’s return value, or the resulting value of a calculation, directly as an index into a buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17458 vulnerability.
References
- https://crbug.com/875322
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html
- https://access.redhat.com/errata/RHSA-2018:2818
CVE-2018-17459: Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92…
Published: 2019-01-09T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17459 vulnerability.
References
- https://crbug.com/880759
- https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html
- https://access.redhat.com/errata/RHSA-2018:2818
CVE-2018-17470: A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-15T17:46:00
Summary
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17470 vulnerability.
References
- https://crbug.com/877874
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4330
- https://security.gentoo.org/glsa/201811-10
- https://access.redhat.com/errata/RHSA-2018:3004
- http://www.securityfocus.com/bid/105666
CVE-2018-6140: Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-16T14:39:00
Summary
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6140 vulnerability.
References
- https://crbug.com/798222
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6144: Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-14T19:03:00
Summary
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6144 vulnerability.
References
- https://crbug.com/828049
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6153: A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-14T18:23:00
Summary
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6153 vulnerability.
References
- https://crbug.com/850350
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6170: A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to…
Published: 2019-01-09T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6170 vulnerability.
References
- https://crbug.com/862059
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6173: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6173 vulnerability.
References
- https://crbug.com/836885
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6084: Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2021-09-08T17:21:00
Summary
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2018-6084 vulnerability.
References
- https://crbug.com/822424
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.exploit-db.com/exploits/44307/
- http://www.securityfocus.com/bid/103917
- http://www.securityfocus.com/bid/103468
CVE-2018-6093: Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-29T20:01:00
Summary
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6093 vulnerability.
References
- https://crbug.com/780435
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6110: Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-30T16:47:00
Summary
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6110 vulnerability.
References
- https://crbug.com/777737
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6056: Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-29T19:41:00
Summary
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6056 vulnerability.
References
- https://crbug.com/806388
- https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0334
- http://www.securityfocus.com/bid/103003
CVE-2018-6113: Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2021-09-08T17:21:00
Summary
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6113 vulnerability.
References
- https://crbug.com/805900
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6096: A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-30T18:16:00
Summary
A JavaScript-focused window that could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6096 vulnerability.
References
- https://crbug.com/776418
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6133: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-30T16:55:00
Summary
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Common Weakness Enumeration (CWE): CWE-19: Data Processing Errors
CWE Description: Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6133 vulnerability.
References
- https://crbug.com/817247
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6127: Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-30T16:02:00
Summary
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6127 vulnerability.
References
- https://crbug.com/842990
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6117: Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-15T20:57:00
Summary
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6117 vulnerability.
References
- https://crbug.com/822465
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6135: Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome…
Published: 2019-01-09T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6135 vulnerability.
References
- https://crbug.com/823353
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6100: Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-30T18:01:00
Summary
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Common Weakness Enumeration (CWE): CWE-19: Data Processing Errors
CWE Description: Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6100 vulnerability.
References
- https://crbug.com/811117
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6123: A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to…
Published: 2019-01-09T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6123 vulnerability.
References
- https://crbug.com/835639
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6163: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6163 vulnerability.
References
- https://crbug.com/849398
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6106: An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-30T17:12:00
Summary
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-19: Data Processing Errors
CWE Description: Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6106 vulnerability.
References
- https://crbug.com/805729
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6097: Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2021-09-08T17:21:00
Summary
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-19: Data Processing Errors
CWE Description: Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6097 vulnerability.
References
- https://crbug.com/806162
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6175: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6175 vulnerability.
References
- https://crbug.com/826019
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6165: Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a…
Published: 2019-01-09T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6165 vulnerability.
References
- https://crbug.com/847718
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6111: An object lifetime issue in the developer tools network handler in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-16T16:41:00
Summary
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6111 vulnerability.
References
- https://crbug.com/780694
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6091: Service Workers can intercept any request made by an
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-30T18:27:00
Summary
Service Workers can intercept any request made by an
Common Weakness Enumeration (CWE): CWE-19: Data Processing Errors
CWE Description: Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6091 vulnerability.
References
- https://crbug.com/771933
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6143: Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-15T12:23:00
Summary
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6143 vulnerability.
References
- https://crbug.com/843022
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6109: readAsText() can indefinitely read the file picked by the user, rather than only once at the time…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-30T17:02:00
Summary
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6109 vulnerability.
References
- https://crbug.com/710190
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6174: Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-14T16:21:00
Summary
Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6174 vulnerability.
References
- https://crbug.com/835299
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6114: Incorrect enforcement of CSP for
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-16T15:22:00
Summary
Incorrect enforcement of CSP for
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6114 vulnerability.
References
- https://crbug.com/811691
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6112: Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-706: Use of Incorrectly-Resolved Name or Reference
CWE Description: The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6112 vulnerability.
References
- https://crbug.com/798096
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://security.gentoo.org/glsa/201804-22
- https://access.redhat.com/errata/RHSA-2018:1195
- http://www.securityfocus.com/bid/103917
CVE-2018-6141: Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-14T19:05:00
Summary
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6141 vulnerability.
References
- https://crbug.com/796107
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6164: Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-14T17:45:00
Summary
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6164 vulnerability.
References
- https://crbug.com/848786
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6120: An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium…
Published: 2019-01-09T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6120 vulnerability.
References
- https://crbug.com/833721
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4237
- https://security.gentoo.org/glsa/201805-06
- https://access.redhat.com/errata/RHSA-2018:1446
- http://www.securityfocus.com/bid/104143
CVE-2018-6158: A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-14T17:46:00
Summary
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6158 vulnerability.
References
- https://crbug.com/841280
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6179: Insufficient enforcement of file access permission in the activeTab case in Extensions in Google…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-16T15:10:00
Summary
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6179 vulnerability.
References
- https://crbug.com/816685
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6137: CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-14T19:14:00
Summary
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6137 vulnerability.
References
- https://crbug.com/835589
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6124: Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-30T15:33:00
Summary
Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6124 vulnerability.
References
- https://crbug.com/840320
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6166: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6166 vulnerability.
References
- https://crbug.com/835554
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6126: A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-15T21:50:00
Summary
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-6126 vulnerability.
References
- https://crbug.com/844457
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.exploit-db.com/exploits/45098/
- https://www.debian.org/security/2018/dsa-4237
- https://www.debian.org/security/2018/dsa-4220
- https://security.gentoo.org/glsa/201810-01
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041046
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104411
- http://www.securityfocus.com/bid/104309
CVE-2018-6178: Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75…
Published: 2019-01-09T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CWE Description: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6178 vulnerability.
References
- https://crbug.com/823194
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6139: Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-16T15:02:00
Summary
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6139 vulnerability.
References
- https://crbug.com/805224
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6147: Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-29T19:03:00
Summary
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-6147 vulnerability.
References
- https://crbug.com/818133
- https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
- https://www.debian.org/security/2018/dsa-4237
- https://access.redhat.com/errata/RHSA-2018:1815
- http://www.securitytracker.com/id/1041014
- http://www.securityfocus.com/bid/104309
CVE-2018-6151: Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117…
Published: 2019-01-09T19:29:00 Last Modified: 2021-09-08T17:21:00
Summary
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6151 vulnerability.
References
- https://crbug.com/805905
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6169: Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75…
Published: 2019-01-09T19:29:00 Last Modified: 2019-01-15T17:36:00
Summary
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6169 vulnerability.
References
- https://crbug.com/394518
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6162: Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote…
Published: 2019-01-09T19:29:00 Last Modified: 2021-09-08T17:21:00
Summary
Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data
CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6162 vulnerability.
References
- https://crbug.com/804123
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6167: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6167 vulnerability.
References
- https://crbug.com/833143
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-6172: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to…
Published: 2019-01-09T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing using IDN homographs in a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6172 vulnerability.
References
- https://crbug.com/847242
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-16885: A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and…
Published: 2019-01-03T16:29:00 Last Modified: 2019-08-06T17:15:00
Summary
A flaw was found in the Linux kernel that allows userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length, which causes a read beyond the buffer boundaries; in certain cases this causes a memory access fault and a system halt by accessing an invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-16885 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885
- http://www.securityfocus.com/bid/106296
- https://access.redhat.com/errata/RHSA-2019:2043
- https://access.redhat.com/errata/RHSA-2019:2029
CVE-2018-16876: ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in…
Published: 2019-01-03T15:29:00 Last Modified: 2021-08-04T17:15:00
Summary
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.8
- CVSS: 3.5
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16876 vulnerability.
References
- https://github.com/ansible/ansible/pull/49569
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876
- https://access.redhat.com/errata/RHSA-2018:3838
- https://access.redhat.com/errata/RHSA-2018:3837
- https://access.redhat.com/errata/RHSA-2018:3836
- https://access.redhat.com/errata/RHSA-2018:3835
- http://www.securityfocus.com/bid/106225
- https://www.debian.org/security/2019/dsa-4396
- https://access.redhat.com/errata/RHSA-2019:0564
- https://access.redhat.com/errata/RHSA-2019:0590
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
- https://usn.ubuntu.com/4072-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
CVE-2018-19134: In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain…
Published: 2018-12-20T23:29:00 Last Modified: 2019-01-11T15:54:00
Summary
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-19134 vulnerability.
References
- https://www.ghostscript.com/doc/9.26/News.htm
- https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf
- https://bugs.ghostscript.com/show_bug.cgi?id=700141
- https://access.redhat.com/errata/RHSA-2018:3834
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf
- http://www.securityfocus.com/bid/106278
- https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html
CVE-2018-1000877: libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0…
Published: 2018-12-20T17:29:00 Last Modified: 2019-11-06T01:15:00
Summary
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in the RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 - that can result in Crash/DoS. This attack appears to be exploitable when the victim opens a specially crafted RAR archive.
Common Weakness Enumeration (CWE): CWE-415: Double Free
CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1000877 vulnerability.
References
- https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31
- https://github.com/libarchive/libarchive/pull/1105
- https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
- https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html
- https://www.debian.org/security/2018/dsa-4360
- http://www.securityfocus.com/bid/106324
- https://usn.ubuntu.com/3859-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html
- https://access.redhat.com/errata/RHSA-2019:2298
- https://access.redhat.com/errata/RHSA-2019:3698
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html
CVE-2018-1000878: libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0…
Published: 2018-12-20T17:29:00 Last Modified: 2019-11-06T01:15:00
Summary
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in the RAR decoder - libarchive/archive_read_support_format_rar.c - that can result in Crash/DoS; it is unknown if RCE is possible. This attack appears to be exploitable when the victim opens a specially crafted RAR archive.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1000878 vulnerability.
References
- https://github.com/libarchive/libarchive/pull/1105/commits/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28
- https://github.com/libarchive/libarchive/pull/1105
- https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
- https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html
- https://www.debian.org/security/2018/dsa-4360
- http://www.securityfocus.com/bid/106324
- https://usn.ubuntu.com/3859-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html
- https://access.redhat.com/errata/RHSA-2019:2298
- https://access.redhat.com/errata/RHSA-2019:3698
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html
CVE-2018-15127: LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write…
Published: 2018-12-19T16:29:00 Last Modified: 2020-10-23T13:15:00
Summary
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains a heap out-of-bounds write vulnerability in the server code of the file transfer extension that can result in remote code execution.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-15127 vulnerability.
References
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/
- https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
- https://access.redhat.com/errata/RHSA-2019:0059
- https://usn.ubuntu.com/3877-1/
- https://www.debian.org/security/2019/dsa-4383
- https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
- https://usn.ubuntu.com/4547-1/
- https://usn.ubuntu.com/4587-1/
CVE-2018-16884: A flaw was found in the Linux kernel’s NFS41+ subsystem. NFS41+ shares mounted in different…
Published: 2018-12-18T22:29:00 Last Modified: 2021-07-15T19:16:00
Summary
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 8.5
- Exploitability Score: 5.1
- CVSS: 6.7
- CVSS Vector: AV:A/AC:L/Au:S/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2018-16884 vulnerability.
References
- https://patchwork.kernel.org/patch/10733769/
- https://patchwork.kernel.org/cover/10733767/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884
- http://www.securityfocus.com/bid/106253
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://usn.ubuntu.com/3932-2/
- https://usn.ubuntu.com/3932-1/
- https://support.f5.com/csp/article/K21430012
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
- https://usn.ubuntu.com/3981-1/
- https://usn.ubuntu.com/3980-1/
- https://usn.ubuntu.com/3980-2/
- https://usn.ubuntu.com/3981-2/
- https://access.redhat.com/errata/RHSA-2019:1891
- https://access.redhat.com/errata/RHSA-2019:1873
- https://access.redhat.com/errata/RHSA-2019:2696
- https://access.redhat.com/errata/RHSA-2019:2730
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2020:0204
- https://www.oracle.com/security-alerts/cpuApr2021.html
CVE-2018-19039: Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary…
Published: 2018-12-13T19:29:00 Last Modified: 2020-10-04T18:15:00
Summary
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-19039 vulnerability.
References
- https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/
- https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
- http://www.securityfocus.com/bid/105994
- https://access.redhat.com/errata/RHSA-2019:0747
- https://security.netapp.com/advisory/ntap-20190416-0004/
- https://access.redhat.com/errata/RHSA-2019:0911
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
CVE-2018-18397: The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for…
Published: 2018-12-12T10:29:00 Last Modified: 2020-08-24T17:37:00
Summary
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-18397 vulnerability.
References
- https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1700
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1
- https://access.redhat.com/errata/RHSA-2019:0202
- https://access.redhat.com/errata/RHSA-2019:0163
- https://access.redhat.com/errata/RHSA-2019:0324
- https://usn.ubuntu.com/3901-2/
- https://usn.ubuntu.com/3901-1/
- https://usn.ubuntu.com/3903-2/
- https://usn.ubuntu.com/3903-1/
- https://access.redhat.com/errata/RHSA-2019:0831
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-18342: Execution of user supplied Javascript during object deserialization can update object length…
Published: 2018-12-11T16:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Execution of user-supplied JavaScript during object deserialization could update an object's length, leading to an out-of-bounds write in V8 in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18342 vulnerability.
References
- https://crbug.com/906313
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18349: Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome…
Published: 2018-12-11T16:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Remote frame navigations were incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80, which allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18349 vulnerability.
References
- https://crbug.com/894399
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18352: Service works could inappropriately gain access to cross origin audio in Media in Google Chrome…
Published: 2018-12-11T16:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Service workers could inappropriately gain access to cross-origin audio in Media in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to bypass the same-origin policy for audio content via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18352 vulnerability.
References
- https://crbug.com/849942
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-17480: Execution of user supplied Javascript during array deserialization leading to an out of bounds…
Published: 2018-12-11T16:29:00 Last Modified: 2019-08-17T21:15:00
Summary
Execution of user-supplied JavaScript during array deserialization led to an out-of-bounds write in V8 in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17480 vulnerability.
References
- https://crbug.com/905940
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18356: An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to…
Published: 2018-12-11T16:29:00 Last Modified: 2020-08-24T17:37:00
Summary
An integer overflow in path handling led to a use after free in Skia in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18356 vulnerability.
References
- https://crbug.com/883666
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://www.debian.org/security/2019/dsa-4391
- https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html
- https://www.debian.org/security/2019/dsa-4392
- https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
- https://access.redhat.com/errata/RHSA-2019:0374
- https://access.redhat.com/errata/RHSA-2019:0373
- https://usn.ubuntu.com/3897-1/
- https://usn.ubuntu.com/3896-1/
- https://security.gentoo.org/glsa/201903-04
- https://security.gentoo.org/glsa/201904-07
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html
- https://access.redhat.com/errata/RHSA-2019:1144
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18345: Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed…
Published: 2018-12-11T16:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect handling of blob URLs in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18345 vulnerability.
References
- https://crbug.com/886976
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18335: Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to…
Published: 2018-12-11T16:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18335 vulnerability.
References
- https://crbug.com/895362
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201904-07
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18358: Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed…
Published: 2018-12-11T16:29:00 Last Modified: 2019-08-17T21:15:00
Summary
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 5.5
- CVSS: 2.9
- CVSS Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2018-18358 vulnerability.
References
- https://crbug.com/899126
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18350: Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to…
Published: 2018-12-11T16:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18350 vulnerability.
References
- https://crbug.com/799747
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18344: Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in…
Published: 2018-12-11T16:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18344 vulnerability.
References
- https://crbug.com/866426
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18353: Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on…
Published: 2018-12-11T16:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Failure to dismiss HTTP auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auth dialog via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18353 vulnerability.
References
- https://crbug.com/884179
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18351: Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in…
Published: 2018-12-11T16:29:00 Last Modified: 2019-08-17T21:15:00
Summary
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18351 vulnerability.
References
- https://crbug.com/833847
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18354: Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows…
Published: 2018-12-11T16:29:00 Last Modified: 2019-08-17T21:15:00
Summary
Insufficient validation of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18354 vulnerability.
References
- https://crbug.com/889459
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18357: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to…
Published: 2018-12-11T16:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18357 vulnerability.
References
- https://crbug.com/895207
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18355: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to…
Published: 2018-12-11T16:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18355 vulnerability.
References
- https://crbug.com/896717
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-18348: Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome…
Published: 2018-12-11T16:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18348 vulnerability.
References
- https://crbug.com/881659
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4352
- https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://security.gentoo.org/glsa/201908-18
CVE-2018-5801: An error within the “LibRaw::unpack()” function (src/libraw_cxx.cpp) in LibRaw versions prior to…
Published: 2018-12-07T22:29:00 Last Modified: 2019-03-29T14:21:00
Summary
An error within the “LibRaw::unpack()” function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: The software dereferences a pointer that it expects to be valid but is NULL, typically causing a crash or exit.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5801 vulnerability.
References
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/
- https://secuniaresearch.flexerasoftware.com/advisories/79000/
- https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914
- https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
- https://usn.ubuntu.com/3615-1/
- https://access.redhat.com/errata/RHSA-2018:3065
- https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
CVE-2018-5805: A boundary error within the “quicktake_100_load_raw()” function (internal/dcraw_common.cpp) in…
Published: 2018-12-07T22:29:00 Last Modified: 2020-08-24T17:37:00
Summary
A boundary error within the “quicktake_100_load_raw()” function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5805 vulnerability.
References
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/
- https://secuniaresearch.flexerasoftware.com/advisories/81000/
- https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff
- https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
- https://access.redhat.com/errata/RHSA-2018:3065
CVE-2018-5806: An error within the “leaf_hdr_load_raw()” function (internal/dcraw_common.cpp) in LibRaw versions…
Published: 2018-12-07T22:29:00 Last Modified: 2018-12-28T21:29:00
Summary
An error within the “leaf_hdr_load_raw()” function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: The software dereferences a pointer that it expects to be valid but is NULL, typically causing a crash or exit.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5806 vulnerability.
References
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/
- https://secuniaresearch.flexerasoftware.com/advisories/81000/
- https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff
- https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
- https://access.redhat.com/errata/RHSA-2018:3065
CVE-2018-5802: An error within the “kodak_radc_load_raw()” function (internal/dcraw_common.cpp) related to the…
Published: 2018-12-07T22:29:00 Last Modified: 2020-11-10T19:31:00
Summary
An error within the “kodak_radc_load_raw()” function (internal/dcraw_common.cpp) related to the “buf” variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5802 vulnerability.
References
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/
- https://secuniaresearch.flexerasoftware.com/advisories/79000/
- https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
- https://usn.ubuntu.com/3615-1/
- https://access.redhat.com/errata/RHSA-2018:3065
- https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
- https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5800: An off-by-one error within the “LibRaw::kodak_ycbcr_load_raw()” function…
Published: 2018-12-07T22:29:00 Last Modified: 2020-11-20T15:48:00
Summary
An off-by-one error within the “LibRaw::kodak_ycbcr_load_raw()” function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
Common Weakness Enumeration (CWE): CWE-193: Off-by-one Error
CWE Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5800 vulnerability.
References
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/
- https://secuniaresearch.flexerasoftware.com/advisories/79000/
- https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt
- https://usn.ubuntu.com/3615-1/
- https://access.redhat.com/errata/RHSA-2018:3065
- http://www.securityfocus.com/bid/104663
- https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html
- https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
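The LibRaw entries above (CVE-2018-5800, CVE-2018-5802 and CVE-2018-5805) are all decoder loops in dcraw_common.cpp that read or write a pixel outside its buffer for an unusual image geometry or a short input; CVE-2018-5800 in particular is an off-by-one. The C program below is an added illustration of that bug class and its fix, not LibRaw's code: the toy 2x2-block format, the functions naive_last_index, naive_overruns, image_alloc, decode_blocks_checked and run_sample, and the sample streams are all assumptions made for this example. It shows how a block loop that unconditionally stores the bottom-right pixel of every block overruns an image with an odd width or height by exactly one row or column, and a decoder that guards every store with the image geometry, sizes its buffer with overflow-checked arithmetic, and refuses a stream that ends early instead of reading past it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed toy raw format (an assumption for this example, not LibRaw's):
 * the stream is a sequence of 2x2 pixel blocks, 4 bytes per block in the
 * order top-left, top-right, bottom-left, bottom-right, blocks in raster
 * order. Blocks that hang over the right or bottom edge of an odd-sized
 * image are still present in the stream, but their outside pixels must not
 * be stored. */

typedef struct {
    unsigned width, height;
    size_t   npixels;   /* width * height, overflow-checked in image_alloc */
    uint8_t *pixels;
} image_t;

/* Highest pixel index a naive block loop stores: it always writes the
 * bottom-right pixel (row + 1, col + 1) without checking the image edge. */
size_t naive_last_index(unsigned width, unsigned height)
{
    size_t last = 0;
    for (unsigned row = 0; row < height; row += 2)
        for (unsigned col = 0; col < width; col += 2)
            last = (size_t)(row + 1) * width + (col + 1);
    return last;
}

/* 1 if the naive loop would write past the end of a width*height buffer,
 * which happens exactly when width or height is odd: the off-by-one. */
int naive_overruns(unsigned width, unsigned height)
{
    if (width == 0 || height == 0) return 0;
    return naive_last_index(width, height) >= (size_t)width * height;
}

int image_alloc(image_t *img, unsigned width, unsigned height)
{
    size_t n;
    if (width == 0 || height == 0) return -1;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &n)) return -1;
    img->pixels = calloc(n, 1);
    if (!img->pixels) return -1;
    img->width = width;
    img->height = height;
    img->npixels = n;
    return 0;
}

/* Bounds-checked decode: every store is guarded by the image geometry and
 * the input cursor by in_len. Returns the number of pixels stored, or -1
 * when the stream ends before the last block. */
long decode_blocks_checked(const uint8_t *in, size_t in_len, image_t *img)
{
    size_t pos = 0, stored = 0;
    for (unsigned row = 0; row < img->height; row += 2) {
        for (unsigned col = 0; col < img->width; col += 2) {
            if (in_len - pos < 4) return -1;   /* short input: never read past it */
            const uint8_t *blk = in + pos;
            pos += 4;
            for (unsigned dy = 0; dy < 2; dy++) {
                for (unsigned dx = 0; dx < 2; dx++) {
                    unsigned y = row + dy, x = col + dx;
                    if (y >= img->height || x >= img->width)
                        continue;              /* block pixel outside the image: skip */
                    img->pixels[(size_t)y * img->width + x] = blk[dy * 2 + dx];
                    stored++;
                }
            }
        }
    }
    return (long)stored;
}

/* Builds a constructed in_len-byte stream, decodes it into a width x height
 * image and returns the decoder's result (pixels stored, or -1). */
long run_sample(unsigned width, unsigned height, size_t in_len)
{
    image_t img;
    long r;
    uint8_t *in = malloc(in_len ? in_len : 1);
    if (!in) return -1;
    for (size_t i = 0; i < in_len; i++) in[i] = (uint8_t)i;   /* sample pixel bytes */
    if (image_alloc(&img, width, height) != 0) { free(in); return -1; }
    r = decode_blocks_checked(in, in_len, &img);
    free(img.pixels);
    free(in);
    return r;
}

int main(void)
{
    printf("naive loop overruns 4x3: %d, 4x4: %d\n", naive_overruns(4, 3), naive_overruns(4, 4));
    printf("checked decode of 3x3 from 16 bytes: %ld pixels\n", run_sample(3, 3, 16));
    printf("checked decode of 3x3 from 15 bytes: %ld (short input)\n", run_sample(3, 3, 15));
    return 0;
}
```

Build with gcc or clang (the overflow check uses the `__builtin_mul_overflow` intrinsic). The point to take from it is that the fix is not a single extra comparison at the end of the loop but a rule: each store indexes only pixels that exist, and each read consumes only bytes that exist, so a truncated file or a 1-pixel-high image degrades to an error rather than a write past the buffer.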
CVE-2018-18313: Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers…
Published: 2018-12-07T21:29:00 Last Modified: 2020-07-15T03:15:00
Summary
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18313 vulnerability.
References
- https://www.debian.org/security/2018/dsa-4347
- https://usn.ubuntu.com/3834-2/
- https://rt.perl.org/Ticket/Display.html?id=133192
- https://metacpan.org/changes/release/SHAY/perl-5.26.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
- https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
- https://bugzilla.redhat.com/show_bug.cgi?id=1646738
- http://www.securitytracker.com/id/1042181
- https://usn.ubuntu.com/3834-1/
- https://access.redhat.com/errata/RHSA-2019:0010
- https://access.redhat.com/errata/RHSA-2019:0001
- https://security.netapp.com/advisory/ntap-20190221-0003/
- https://support.apple.com/kb/HT209600
- https://seclists.org/bugtraq/2019/Mar/42
- http://seclists.org/fulldisclosure/2019/Mar/49
- https://security.gentoo.org/glsa/201909-01
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2018-18314: Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid…
Published: 2018-12-07T21:29:00 Last Modified: 2020-07-15T03:15:00
Summary
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18314 vulnerability.
References
- https://www.debian.org/security/2018/dsa-4347
- https://rt.perl.org/Ticket/Display.html?id=131649
- https://metacpan.org/changes/release/SHAY/perl-5.26.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
- https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f
- https://bugzilla.redhat.com/show_bug.cgi?id=1646751
- http://www.securitytracker.com/id/1042181
- https://usn.ubuntu.com/3834-1/
- http://www.securityfocus.com/bid/106145
- https://access.redhat.com/errata/RHSA-2019:0010
- https://access.redhat.com/errata/RHSA-2019:0001
- https://security.netapp.com/advisory/ntap-20190221-0003/
- https://security.gentoo.org/glsa/201909-01
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2018-18311: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular…
Published: 2018-12-07T21:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18311 vulnerability.
References
- https://www.debian.org/security/2018/dsa-4347
- https://usn.ubuntu.com/3834-2/
- https://rt.perl.org/Ticket/Display.html?id=133204
- https://metacpan.org/changes/release/SHAY/perl-5.28.1
- https://metacpan.org/changes/release/SHAY/perl-5.26.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html
- https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
- https://bugzilla.redhat.com/show_bug.cgi?id=1646730
- http://www.securitytracker.com/id/1042181
- https://usn.ubuntu.com/3834-1/
- http://www.securityfocus.com/bid/106145
- https://access.redhat.com/errata/RHSA-2019:0010
- https://access.redhat.com/errata/RHSA-2019:0001
- https://access.redhat.com/errata/RHSA-2019:0109
- https://security.netapp.com/advisory/ntap-20190221-0003/
- https://support.apple.com/kb/HT209600
- https://seclists.org/bugtraq/2019/Mar/42
- http://seclists.org/fulldisclosure/2019/Mar/49
- https://kc.mcafee.com/corporate/index?page=content&id=SB10278
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:1790
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://access.redhat.com/errata/RHSA-2019:1942
- https://access.redhat.com/errata/RHSA-2019:2400
- https://security.gentoo.org/glsa/201909-01
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This…
Published: 2018-12-06T14:29:00 Last Modified: 2020-10-15T13:28:00
Summary
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-9568 vulnerability.
References
- https://source.android.com/security/bulletin/2018-12-01
- https://usn.ubuntu.com/3880-2/
- https://usn.ubuntu.com/3880-1/
- https://access.redhat.com/errata/RHSA-2019:0514
- https://access.redhat.com/errata/RHSA-2019:0512
- https://access.redhat.com/errata/RHSA-2019:2696
- https://access.redhat.com/errata/RHSA-2019:2730
- https://access.redhat.com/errata/RHSA-2019:2736
- https://access.redhat.com/errata/RHSA-2019:3967
- https://access.redhat.com/errata/RHSA-2019:4056
- https://access.redhat.com/errata/RHSA-2019:4159
- https://access.redhat.com/errata/RHSA-2019:4164
- https://access.redhat.com/errata/RHSA-2019:4255
CVE-2018-18312: Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular…
Published: 2018-12-05T22:29:00 Last Modified: 2020-07-15T03:15:00
Summary
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18312 vulnerability.
References
- https://www.debian.org/security/2018/dsa-4347
- https://rt.perl.org/Public/Bug/Display.html?id=133423
- https://metacpan.org/changes/release/SHAY/perl-5.28.1
- https://metacpan.org/changes/release/SHAY/perl-5.26.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
- https://bugzilla.redhat.com/show_bug.cgi?id=1646734
- http://www.securitytracker.com/id/1042181
- https://usn.ubuntu.com/3834-1/
- http://www.securityfocus.com/bid/106179
- https://access.redhat.com/errata/RHSA-2019:0010
- https://access.redhat.com/errata/RHSA-2019:0001
- https://security.netapp.com/advisory/ntap-20190221-0003/
- https://security.gentoo.org/glsa/201909-01
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2018-6152: The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files…
Published: 2018-12-04T17:29:00 Last Modified: 2019-02-05T20:39:00
Summary
The Page.downloadBehavior DevTools backend in Google Chrome prior to 66.0.3359.117 unconditionally marked downloaded files as safe regardless of file type, which allowed an attacker who convinced a user to install a malicious extension to potentially escape the sandbox via a crafted HTML page and user interaction.
Common Weakness Enumeration (CWE): CWE-434: Unrestricted Upload of File with Dangerous Type
CWE Description: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6152 vulnerability.
References
- https://crbug.com/805445
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4256
- https://security.gentoo.org/glsa/201808-01
- https://access.redhat.com/errata/RHSA-2018:2282
- http://www.securityfocus.com/bid/104887
CVE-2018-16863: It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly…
Published: 2018-12-03T17:29:00 Last Modified: 2019-10-09T23:36:00
Summary
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16863 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519
- https://access.redhat.com/errata/RHSA-2018:3761
CVE-2018-15978: Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful…
Published: 2018-11-29T20:29:00 Last Modified: 2018-12-28T20:01:00
Summary
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-15978 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-39.html
- https://access.redhat.com/errata/RHSA-2018:3618
- http://www.securitytracker.com/id/1042098
- http://www.securityfocus.com/bid/105909
CVE-2018-15981: Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful…
Published: 2018-11-29T20:29:00 Last Modified: 2018-12-28T20:00:00
Summary
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-15981 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
- https://access.redhat.com/errata/RHSA-2018:3644
- http://www.securitytracker.com/id/1042151
- http://www.securityfocus.com/bid/105964
CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based…
Published: 2018-11-29T18:29:00 Last Modified: 2020-09-29T02:09:00
Summary
FreeRDP prior to version 2.0.0-rc4 contains an integer truncation in the function update_read_bitmap_update() that leads to a heap-based buffer overflow, resulting in memory corruption and possibly remote code execution.
Common Weakness Enumeration (CWE): CWE-681: Incorrect Conversion between Numeric Types
CWE Description: When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-8786 vulnerability.
References
- https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
- https://usn.ubuntu.com/3845-1/
- http://www.securityfocus.com/bid/106938
- https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
- https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
- https://access.redhat.com/errata/RHSA-2019:0697
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/
- https://usn.ubuntu.com/3845-2/
CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer…
Published: 2018-11-29T18:29:00 Last Modified: 2020-09-29T02:01:00
Summary
FreeRDP prior to version 2.0.0-rc4 contains an integer overflow in the function gdi_Bitmap_Decompress() that leads to a heap-based buffer overflow, resulting in memory corruption and possibly remote code execution.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-8787 vulnerability.
References
- https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
- https://usn.ubuntu.com/3845-1/
- http://www.securityfocus.com/bid/106938
- https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
- https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
- https://access.redhat.com/errata/RHSA-2019:0697
- https://usn.ubuntu.com/3845-2/
CVE-2018-16862: A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an…
Published: 2018-11-26T19:29:00 Last Modified: 2019-04-01T21:29:00
Summary
A security flaw was found in the Linux kernel in the way the cleancache subsystem clears an inode after the final file truncation (removal). A new file created with the same inode may contain leftover pages from cleancache, i.e. the old file's data instead of the new file's data.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-16862 vulnerability.
References
- https://seclists.org/oss-sec/2018/q4/169
- https://lore.kernel.org/patchwork/patch/1011367/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862
- http://www.securityfocus.com/bid/106009
- https://usn.ubuntu.com/3879-2/
- https://usn.ubuntu.com/3879-1/
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4118-1/
CVE-2018-14646: The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in…
Published: 2018-11-26T19:29:00 Last Modified: 2019-10-09T23:35:00
Summary
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences frequently result from rarely encountered error conditions, since these are the most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-14646 vulnerability.
References
- https://marc.info/?l=linux-netdev&m=151500466401174&w=2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646
- https://access.redhat.com/errata/RHSA-2018:3666
- https://access.redhat.com/errata/RHSA-2018:3651
- https://access.redhat.com/errata/RHSA-2018:3843
CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access…
Published: 2018-11-23T05:29:00 Last Modified: 2019-04-25T13:07:00
Summary
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-19476 vulnerability.
References
- https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
- https://bugs.ghostscript.com/show_bug.cgi?id=700169
- http://git.ghostscript.com/?p=ghostpdl.git;h=434753adbe8be5534bfb9b7d91746023e8073d16
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a
- https://www.debian.org/security/2018/dsa-4346
- https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
- https://usn.ubuntu.com/3831-1/
- http://www.securityfocus.com/bid/106154
- https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf
- https://access.redhat.com/errata/RHSA-2019:0229
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended…
Published: 2018-11-23T05:29:00 Last Modified: 2019-04-25T13:07:00
Summary
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-19477 vulnerability.
References
- https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
- https://bugs.ghostscript.com/show_bug.cgi?id=700168
- http://git.ghostscript.com/?p=ghostpdl.git;h=606a22e77e7f081781e99e44644cd0119f559e03
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb
- https://www.debian.org/security/2018/dsa-4346
- https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
- https://usn.ubuntu.com/3831-1/
- http://www.securityfocus.com/bid/106154
- https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf
- https://access.redhat.com/errata/RHSA-2019:0229
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended…
Published: 2018-11-23T05:29:00 Last Modified: 2019-10-03T00:03:00
Summary
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-19475 vulnerability.
References
- https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
- https://bugs.ghostscript.com/show_bug.cgi?id=700153
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
- https://www.debian.org/security/2018/dsa-4346
- https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
- https://usn.ubuntu.com/3831-1/
- http://www.securityfocus.com/bid/106154
- https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf
- https://access.redhat.com/errata/RHSA-2019:0229
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked…
Published: 2018-11-21T16:29:00 Last Modified: 2019-10-03T00:03:00
Summary
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-19409 vulnerability.
References
- https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
- https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=661e8d8fb8248c38d67958beda32f3a5876d0c3f
- https://bugs.ghostscript.com/show_bug.cgi?id=700176
- http://www.securityfocus.com/bid/105990
- https://security.gentoo.org/glsa/201811-12
- https://www.debian.org/security/2018/dsa-4346
- https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
- https://usn.ubuntu.com/3831-1/
- https://access.redhat.com/errata/RHSA-2018:3834
CVE-2018-16395: An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x…
Published: 2018-11-16T18:29:00 Last Modified: 2019-10-03T00:03:00
Summary
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16395 vulnerability.
References
- https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/
- https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
- https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
- https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
- https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html
- https://hackerone.com/reports/387250
- https://www.debian.org/security/2018/dsa-4332
- https://usn.ubuntu.com/3808-1/
- http://www.securitytracker.com/id/1042105
- https://access.redhat.com/errata/RHSA-2018:3738
- https://access.redhat.com/errata/RHSA-2018:3731
- https://access.redhat.com/errata/RHSA-2018:3730
- https://access.redhat.com/errata/RHSA-2018:3729
- https://security.netapp.com/advisory/ntap-20190221-0002/
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- https://access.redhat.com/errata/RHSA-2019:1948
- https://access.redhat.com/errata/RHSA-2019:2565
- https://www.oracle.com/security-alerts/cpujan2020.html
CVE-2018-16396: An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x…
Published: 2018-11-16T18:29:00 Last Modified: 2019-10-03T00:03:00
Summary
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16396 vulnerability.
References
- https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/
- https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
- https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
- https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
- https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html
- https://hackerone.com/reports/385070
- https://www.debian.org/security/2018/dsa-4332
- https://usn.ubuntu.com/3808-1/
- http://www.securitytracker.com/id/1042106
- https://access.redhat.com/errata/RHSA-2018:3731
- https://access.redhat.com/errata/RHSA-2018:3730
- https://access.redhat.com/errata/RHSA-2018:3729
- https://security.netapp.com/advisory/ntap-20190221-0002/
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- https://access.redhat.com/errata/RHSA-2019:2028
CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software…
Published: 2018-11-15T21:29:00 Last Modified: 2020-09-18T16:58:00
Summary
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on ‘port contention’.
Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy
CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2018-5407 vulnerability.
References
- https://github.com/bbbrumley/portsmash
- https://eprint.iacr.org/2018/1060.pdf
- https://www.exploit-db.com/exploits/45785/
- http://www.securityfocus.com/bid/105897
- https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
- https://security.netapp.com/advisory/ntap-20181126-0001/
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://www.debian.org/security/2018/dsa-4348
- https://usn.ubuntu.com/3840-1/
- https://www.debian.org/security/2018/dsa-4355
- https://www.tenable.com/security/tns-2018-17
- https://www.tenable.com/security/tns-2018-16
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://security.gentoo.org/glsa/201903-10
- https://access.redhat.com/errata/RHSA-2019:0483
- https://access.redhat.com/errata/RHSA-2019:0652
- https://access.redhat.com/errata/RHSA-2019:0651
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://access.redhat.com/errata/RHSA-2019:2125
- https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:3929
- https://access.redhat.com/errata/RHSA-2019:3935
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3931
- https://access.redhat.com/errata/RHSA-2019:3932
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
CVE-2018-17465: Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed…
Published: 2018-11-14T15:29:00 Last Modified: 2018-12-19T20:34:00
Summary
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17465 vulnerability.
References
- https://crbug.com/870226
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4330
- https://access.redhat.com/errata/RHSA-2018:3004
- http://www.securityfocus.com/bid/105666
- https://security.gentoo.org/glsa/201811-10
CVE-2018-17475: Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed…
Published: 2018-11-14T15:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17475 vulnerability.
References
- https://crbug.com/852634
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4330
- https://access.redhat.com/errata/RHSA-2018:3004
- http://www.securityfocus.com/bid/105666
- https://security.gentoo.org/glsa/201811-10
CVE-2018-17467: Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to…
Published: 2018-11-14T15:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-459: Incomplete Cleanup
CWE Description: The software does not properly “clean up” and remove temporary or supporting resources after they have been used.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17467 vulnerability.
References
- https://crbug.com/844881
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4330
- https://access.redhat.com/errata/RHSA-2018:3004
- http://www.securityfocus.com/bid/105666
- https://security.gentoo.org/glsa/201811-10
CVE-2018-17471: Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote…
Published: 2018-11-14T15:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17471 vulnerability.
References
- https://crbug.com/873080
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4330
- https://access.redhat.com/errata/RHSA-2018:3004
- http://www.securityfocus.com/bid/105666
- https://security.gentoo.org/glsa/201811-10
CVE-2018-17466: Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote…
Published: 2018-11-14T15:29:00 Last Modified: 2019-03-05T15:57:00
Summary
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17466 vulnerability.
References
- https://crbug.com/880906
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4330
- https://access.redhat.com/errata/RHSA-2018:3004
- http://www.securityfocus.com/bid/105666
- https://security.gentoo.org/glsa/201811-10
- https://usn.ubuntu.com/3844-1/
- http://www.securityfocus.com/bid/106168
- https://www.debian.org/security/2018/dsa-4354
- https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
- https://access.redhat.com/errata/RHSA-2018:3833
- https://access.redhat.com/errata/RHSA-2018:3831
- https://www.debian.org/security/2019/dsa-4362
- https://usn.ubuntu.com/3868-1/
- https://access.redhat.com/errata/RHSA-2019:0160
- https://access.redhat.com/errata/RHSA-2019:0159
CVE-2018-17477: Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote…
Published: 2018-11-14T15:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17477 vulnerability.
References
- https://crbug.com/863703
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4330
- https://access.redhat.com/errata/RHSA-2018:3004
- http://www.securityfocus.com/bid/105666
- https://security.gentoo.org/glsa/201811-10
CVE-2018-17468: Incorrect handling of timer information during navigation in Blink in Google Chrome prior to…
Published: 2018-11-14T15:29:00 Last Modified: 2018-12-19T20:59:00
Summary
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17468 vulnerability.
References
- https://crbug.com/876822
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4330
- https://access.redhat.com/errata/RHSA-2018:3004
- http://www.securityfocus.com/bid/105666
- https://security.gentoo.org/glsa/201811-10
CVE-2018-17476: Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote…
Published: 2018-11-14T15:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17476 vulnerability.
References
- https://crbug.com/812769
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4330
- https://access.redhat.com/errata/RHSA-2018:3004
- http://www.securityfocus.com/bid/105666
- https://security.gentoo.org/glsa/201811-10
CVE-2018-17472: Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to…
Published: 2018-11-14T15:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17472 vulnerability.
References
- https://crbug.com/822518
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- http://www.securityfocus.com/bid/105666
- https://security.gentoo.org/glsa/201811-10
CVE-2018-17474: Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a…
Published: 2018-11-14T15:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17474 vulnerability.
References
- https://crbug.com/843151
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4330
- https://access.redhat.com/errata/RHSA-2018:3004
- http://www.securityfocus.com/bid/105666
- https://security.gentoo.org/glsa/201811-10
CVE-2018-6078: Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146…
Published: 2018-11-14T15:29:00 Last Modified: 2018-12-26T14:23:00
Summary
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6078 vulnerability.
References
- https://crbug.com/793628
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6060: Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to…
Published: 2018-11-14T15:29:00 Last Modified: 2018-12-21T20:54:00
Summary
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6060 vulnerability.
References
- https://crbug.com/780919
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6064: Type Confusion in the implementation of defineGetter in V8 in Google Chrome prior to…
Published: 2018-11-14T15:29:00 Last Modified: 2019-05-02T15:50:00
Summary
Type Confusion in the implementation of defineGetter in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2018-6064 vulnerability.
References
- https://crbug.com/798644
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.exploit-db.com/exploits/44394/
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
- https://www.zerodayinitiative.com/advisories/ZDI-19-368/
CVE-2018-6077: Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google…
Published: 2018-11-14T15:29:00 Last Modified: 2018-12-21T20:42:00
Summary
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6077 vulnerability.
References
- https://crbug.com/778506
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6062: Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to…
Published: 2018-11-14T15:29:00 Last Modified: 2018-12-21T20:35:00
Summary
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6062 vulnerability.
References
- https://crbug.com/780104
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6063: Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146…
Published: 2018-11-14T15:29:00 Last Modified: 2018-12-26T14:12:00
Summary
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6063 vulnerability.
References
- https://crbug.com/792900
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6065: Integer overflow in computing the required allocation size when instantiating a new javascript…
Published: 2018-11-14T15:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-6065 vulnerability.
- Google Chrome V8 - Object Allocation Size Integer Overflow by Google Security Research at 2018-05-04
References
- https://crbug.com/808192
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.exploit-db.com/exploits/44584/
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
- https://www.zerodayinitiative.com/advisories/ZDI-19-367/
CVE-2018-6061: A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to…
Published: 2018-11-14T15:29:00 Last Modified: 2018-12-19T20:26:00
Summary
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6061 vulnerability.
References
- https://crbug.com/794091
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6057: Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote…
Published: 2018-11-14T15:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6057 vulnerability.
References
- https://crbug.com/789959
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6080: Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed…
Published: 2018-11-14T15:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6080 vulnerability.
References
- https://crbug.com/792028
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6067: Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote…
Published: 2018-11-14T15:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6067 vulnerability.
References
- https://crbug.com/779428
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6079: Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome…
Published: 2018-11-14T15:29:00 Last Modified: 2018-12-26T14:37:00
Summary
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6079 vulnerability.
References
- https://crbug.com/788448
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6083: Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome…
Published: 2018-11-14T15:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6083 vulnerability.
References
- https://crbug.com/771709
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6070: Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an…
Published: 2018-11-14T15:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6070 vulnerability.
References
- https://crbug.com/668645
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-6082: Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to…
Published: 2018-11-14T15:29:00 Last Modified: 2018-12-27T18:39:00
Summary
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6082 vulnerability.
References
- https://crbug.com/767354
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4182
- https://access.redhat.com/errata/RHSA-2018:0484
- http://www.securityfocus.com/bid/103297
CVE-2018-16850: postgresql before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and…
Published: 2018-11-13T15:29:00 Last Modified: 2019-10-09T23:36:00
Summary
postgresql before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER … REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16850 vulnerability.
References
- https://www.postgresql.org/about/news/1905/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
- https://usn.ubuntu.com/3818-1/
- http://www.securitytracker.com/id/1042144
- http://www.securityfocus.com/bid/105923
- https://security.gentoo.org/glsa/201811-24
- https://access.redhat.com/errata/RHSA-2018:3757
CVE-2018-19208: In libwpd 0.10.2, there is a NULL pointer dereference in the function…
Published: 2018-11-12T19:29:00 Last Modified: 2020-04-14T15:27:00
Summary
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-19208 vulnerability.
References
CVE-2018-19214: Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in…
Published: 2018-11-12T19:29:00 Last Modified: 2020-07-13T21:15:00
Summary
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-19214 vulnerability.
References
- https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354
- https://bugzilla.nasm.us/show_bug.cgi?id=3392521
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
CVE-2018-19215: Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in…
Published: 2018-11-12T19:29:00 Last Modified: 2020-07-13T21:15:00
Summary
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-19215 vulnerability.
References
- https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
- https://bugzilla.nasm.us/show_bug.cgi?id=3392525
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
CVE-2018-19115: keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting…
Published: 2018-11-08T20:29:00 Last Modified: 2020-08-24T17:37:00
Summary
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-19115 vulnerability.
References
- https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9
- https://github.com/acassen/keepalived/pull/961
- https://bugzilla.suse.com/show_bug.cgi?id=1015141
- https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html
- https://access.redhat.com/errata/RHSA-2019:0022
- https://security.gentoo.org/glsa/201903-01
- https://usn.ubuntu.com/3995-1/
- https://usn.ubuntu.com/3995-2/
- https://access.redhat.com/errata/RHSA-2019:1792
- https://access.redhat.com/errata/RHSA-2019:1945
CVE-2018-14667: The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via…
Published: 2018-11-06T22:29:00 Last Modified: 2020-08-28T17:59:00
Summary
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14667 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667
- https://access.redhat.com/errata/RHSA-2018:3519
- https://access.redhat.com/errata/RHSA-2018:3518
- https://access.redhat.com/errata/RHSA-2018:3517
- http://www.securitytracker.com/id/1042037
- https://access.redhat.com/errata/RHSA-2018:3581
- http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
- http://seclists.org/fulldisclosure/2020/Mar/21
CVE-2018-14660: A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated…
Published: 2018-11-01T14:29:00 Last Modified: 2021-11-30T22:00:00
Summary
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14660 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660
- https://access.redhat.com/errata/RHSA-2018:3432
- https://access.redhat.com/errata/RHSA-2018:3431
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-14651: It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and…
Published: 2018-10-31T22:29:00 Last Modified: 2019-04-02T07:29:00
Summary
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)
CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14651 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651
- https://access.redhat.com/errata/RHSA-2018:3432
- https://access.redhat.com/errata/RHSA-2018:3431
- https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html
- https://security.gentoo.org/glsa/201904-06
CVE-2016-2125: It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets…
Published: 2018-10-31T20:29:00 Last Modified: 2019-10-09T23:17:00
Summary
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.5
- CVSS: 3.3
- CVSS Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2016-2125 vulnerability.
References
- https://www.samba.org/samba/security/CVE-2016-2125.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
- https://access.redhat.com/errata/RHSA-2017:1265
- http://www.securitytracker.com/id/1037494
- http://www.securityfocus.com/bid/94988
- http://rhn.redhat.com/errata/RHSA-2017-0744.html
- http://rhn.redhat.com/errata/RHSA-2017-0662.html
- http://rhn.redhat.com/errata/RHSA-2017-0495.html
- http://rhn.redhat.com/errata/RHSA-2017-0494.html
CVE-2018-14661: It was found that usage of snprintf function in feature/locks translator of glusterfs server…
Published: 2018-10-31T20:29:00 Last Modified: 2021-11-30T22:05:00
Summary
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14661 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661
- https://access.redhat.com/errata/RHSA-2018:3432
- https://access.redhat.com/errata/RHSA-2018:3431
- https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-14653: The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer…
Published: 2018-10-31T19:29:00 Last Modified: 2021-12-16T18:50:00
Summary
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the ‘__server_getspec’ function via the ‘gf_getspec_req’ RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.
Common Weakness Enumeration (CWE): CWE-122: Heap-based Buffer Overflow
CWE Description: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14653 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653
- https://access.redhat.com/errata/RHSA-2018:3432
- https://access.redhat.com/errata/RHSA-2018:3431
- https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-14652: The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the…
Published: 2018-10-31T19:29:00 Last Modified: 2021-11-17T22:16:00
Summary
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the ‘features/index’ translator via the code handling the ‘GF_XATTR_CLRLK_CMD’ xattr in the ‘pl_getxattr’ function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14652 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652
- https://access.redhat.com/errata/RHSA-2018:3432
- https://access.redhat.com/errata/RHSA-2018:3431
- https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-14654: The Gluster file system through version 4.1.4 is vulnerable to abuse of the ‘features/index’…
Published: 2018-10-31T19:29:00 Last Modified: 2021-11-30T22:13:00
Summary
The Gluster file system through version 4.1.4 is vulnerable to abuse of the ‘features/index’ translator. A remote attacker with access to mount volumes could exploit this via the ‘GF_XATTROP_ENTRY_IN_KEY’ xattrop to create arbitrary, empty files on the target server.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
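The CWE-22 description above is the general pattern behind this entry: a client-supplied name is spliced into a server-side path. The C below is an added illustration, not GlusterFS code; the INDEX_DIR value, the function names and the sample keys are this example's assumptions. It places the vulnerable concatenation next to a check that accepts only a single path component. The length is passed explicitly because wire formats are length-prefixed, and an embedded NUL would otherwise hide the rest of the name from strlen().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical directory under which the server may create index entries. */
#define INDEX_DIR "/var/lib/example-volume/.index"

/*
 * Vulnerable shape: the key received from the client is used verbatim as the
 * tail of a server-side path, so "../../../etc/cron.d/x" escapes INDEX_DIR.
 */
int index_path_vulnerable(const char *key, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", INDEX_DIR, key);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/*
 * Hardened: a client-controlled key must be exactly one path component.
 * The length is explicit because wire formats are length-prefixed and an
 * embedded NUL would otherwise hide the rest of the name from strlen().
 */
int key_is_single_component(const uint8_t *key, size_t len)
{
    if (len == 0 || len > 255)                       /* empty or over NAME_MAX */
        return 0;
    if (memchr(key, '\0', len) != NULL)              /* embedded NUL */
        return 0;
    if (memchr(key, '/', len) != NULL)               /* directory separator */
        return 0;
    if (len == 1 && key[0] == '.')                   /* "." */
        return 0;
    if (len == 2 && key[0] == '.' && key[1] == '.')  /* ".." */
        return 0;
    return 1;
}

int index_path_safe(const uint8_t *key, size_t len, char *out, size_t outlen)
{
    if (!key_is_single_component(key, len))
        return -1;
    int n = snprintf(out, outlen, "%s/%.*s", INDEX_DIR, (int)len, (const char *)key);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    char path[512];
    /* Constructed inputs: one traversal attempt, one ordinary key. */
    const char *evil = "../../../etc/cron.d/backdoor";
    const char *ok = "entry-0001";

    if (index_path_vulnerable(evil, path, sizeof path) == 0)
        printf("vulnerable builds: %s\n", path);
    printf("safe rejects traversal: %s\n",
           index_path_safe((const uint8_t *)evil, strlen(evil), path, sizeof path) < 0 ? "yes" : "no");
    if (index_path_safe((const uint8_t *)ok, strlen(ok), path, sizeof path) == 0)
        printf("safe builds: %s\n", path);
    return 0;
}
```

The check is deliberately an allowlist of shape (one component, no separators, no dot entries) rather than a search for "../": a denylist misses encodings and platform-specific separators, and the length-based NUL test also covers the "/\0"-style names that strlen()-based code accepts.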
Scores
- Impact Score: 9.2
- Exploitability Score: 8.0
- CVSS: 8.5
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: COMPLETE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14654 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654
- https://access.redhat.com/errata/RHSA-2018:3432
- https://access.redhat.com/errata/RHSA-2018:3431
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-14659: The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service…
Published: 2018-10-31T19:29:00 Last Modified: 2021-11-30T22:14:00
Summary
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the ‘GF_XATTR_IOSTATS_DUMP_KEY’ xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling ‘setxattr(2)’ to trigger a state dump and create an arbitrary number of files in the server’s runtime directory.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14659 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659
- https://access.redhat.com/errata/RHSA-2018:3432
- https://access.redhat.com/errata/RHSA-2018:3431
- https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-18751: An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in…
Published: 2018-10-29T12:29:00 Last Modified: 2020-09-08T18:15:00
Summary
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
Common Weakness Enumeration (CWE): CWE-415: Double Free
CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18751 vulnerability.
References
- https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption
- https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree
- https://usn.ubuntu.com/3815-2/
- https://usn.ubuntu.com/3815-1/
- https://access.redhat.com/errata/RHSA-2019:3643
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00065.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00025.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to…
Published: 2018-10-26T14:29:00 Last Modified: 2022-01-31T18:30:00
Summary
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
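The CWE-120 pattern in a DHCPv6 client is a length taken from the server's reply and trusted when copying. The C below is an added example, not systemd's code. The option header layout (2-byte option-code, 2-byte option-len, big-endian) is the one defined in RFC 8415 and option code 5 is the real IAADDR code, but the walker, the callback, the struct and the two constructed byte strings are this example's assumptions. The vulnerable copy is shown for contrast and is only ever invoked on well-formed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 8415 option header: 2-byte option-code, 2-byte option-len, big-endian. */
#define DHCP6_OPT_HDR 4
#define DHCP6_OPTION_IAADDR 5      /* real option code, used here as sample data */

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/*
 * Vulnerable shape (CWE-120): believes option-len as sent by the server and
 * copies that many bytes into a fixed-size destination it never measures.
 * Only called on well-formed input below; on a crafted option it overflows dst.
 */
int copy_option_vulnerable(const uint8_t *opt, uint8_t *dst, size_t dstlen)
{
    uint16_t len = be16(opt + 2);
    (void)dstlen;                               /* not consulted: the bug */
    memcpy(dst, opt + DHCP6_OPT_HDR, len);
    return len;
}

/*
 * Hardened walk: each declared length is checked against the bytes that
 * actually remain, and the callback checks its own destination, so a crafted
 * option-len can neither read past the message nor write past a buffer.
 * Returns the number of options visited, or -1 on a malformed message.
 */
int dhcp6_walk_options(const uint8_t *buf, size_t buflen,
                       int (*cb)(uint16_t code, const uint8_t *data, uint16_t len, void *ctx),
                       void *ctx)
{
    size_t off = 0;
    int count = 0;
    while (off < buflen) {
        if (buflen - off < DHCP6_OPT_HDR)
            return -1;                          /* truncated option header */
        uint16_t code = be16(buf + off);
        uint16_t len = be16(buf + off + 2);
        off += DHCP6_OPT_HDR;
        if (len > buflen - off)
            return -1;                          /* declared length exceeds message */
        if (cb != NULL && cb(code, buf + off, len, ctx) < 0)
            return -1;
        off += len;
        count++;
    }
    return count;
}

/* Bounded destination for IAADDR payloads (16-byte address + two lifetimes). */
struct sink { uint8_t buf[32]; size_t used; };

static int collect_iaaddr(uint16_t code, const uint8_t *data, uint16_t len, void *ctx)
{
    struct sink *s = ctx;
    if (code != DHCP6_OPTION_IAADDR)
        return 0;
    if (len > sizeof s->buf - s->used)          /* destination bound */
        return -1;
    memcpy(s->buf + s->used, data, len);
    s->used += len;
    return 0;
}

/* Constructed sample: one well-formed IAADDR option (code 5, 24-byte payload). */
static const uint8_t good_opts[] = {
    0x00, 0x05, 0x00, 0x18,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01,   /* 2001:db8::1 */
    0x00, 0x00, 0x0e, 0x10,                                          /* preferred 3600 s */
    0x00, 0x00, 0x1c, 0x20,                                          /* valid 7200 s */
};

/* Constructed sample: option-len 65535 with only four payload bytes present. */
static const uint8_t bad_opts[] = {
    0x00, 0x05, 0xff, 0xff,
    0x20, 0x01, 0x0d, 0xb8,
};

int main(void)
{
    struct sink s = { {0}, 0 };
    int rc = dhcp6_walk_options(good_opts, sizeof good_opts, collect_iaaddr, &s);
    printf("well-formed: %d option(s), %zu bytes collected\n", rc, s.used);

    struct sink t = { {0}, 0 };
    rc = dhcp6_walk_options(bad_opts, sizeof bad_opts, collect_iaaddr, &t);
    printf("crafted: walk returned %d, %zu bytes collected\n", rc, t.used);
    return 0;
}
```

Two bounds are enforced separately on purpose: the walker guards the source (no option may claim more bytes than the message still holds) and the consumer guards its destination (no payload may exceed the space left in the sink). A parser that checks only one of the two still has a CWE-120 somewhere.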
Scores
- Impact Score: 6.4
- Exploitability Score: 6.5
- CVSS: 5.8
- CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2018-15688 vulnerability.
References
- https://github.com/systemd/systemd/pull/10518
- http://www.securityfocus.com/bid/105745
- https://security.gentoo.org/glsa/201810-10
- https://usn.ubuntu.com/3807-1/
- https://usn.ubuntu.com/3806-1/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
- https://access.redhat.com/errata/RHSA-2018:3665
- https://access.redhat.com/errata/RHSA-2019:0049
- https://access.redhat.com/errata/RHBA-2019:0327
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-14665: A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath…
Published: 2018-10-25T20:29:00 Last Modified: 2019-10-22T23:15:00
Summary
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting Xorg allows unprivileged users who can log in to the system via the physical console to escalate their privileges and run arbitrary code as root.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
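What a permission check for options like -modulepath and -logfile has to establish, before the option is honoured, is whether the process is running with privileges its caller did not have. The C below is an added example and not Xorg's code: the option list, the function names and the fail-closed policy are this example's assumptions. The decision is a pure function of the real, effective and saved ids so it can be tested without a setuid binary; the live wrapper uses getresuid()/getresgid(), which glibc and musl expose under _GNU_SOURCE.

```c
#define _GNU_SOURCE 1       /* getresuid()/getresgid() on glibc and musl */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Declared again in case <unistd.h> was already included without _GNU_SOURCE. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/*
 * Pure decision so the policy can be tested without a setuid binary. Privileges
 * count as elevated when real, effective and saved ids disagree: a setuid-root
 * program that has temporarily dropped to the caller's uid still has saved uid
 * 0 and can regain root, so checking getuid()/geteuid() alone is not enough.
 * All-equal ids, even all zero, mean the caller already had these privileges.
 */
int privs_elevated_from(uid_t ruid, uid_t euid, uid_t suid,
                        gid_t rgid, gid_t egid, gid_t sgid)
{
    if (ruid != euid || ruid != suid)
        return 1;
    if (rgid != egid || rgid != sgid)
        return 1;
    return 0;
}

int privs_elevated(void)
{
    uid_t ruid, euid, suid;
    gid_t rgid, egid, sgid;
    if (getresuid(&ruid, &euid, &suid) != 0 || getresgid(&rgid, &egid, &sgid) != 0)
        return 1;                                   /* cannot tell: fail closed */
    return privs_elevated_from(ruid, euid, suid, rgid, egid, sgid);
}

/*
 * Options that name files the server writes (-logfile) or loads code from
 * (-modulepath). Hypothetical list for this example.
 */
static const char *const privileged_opts[] = { "-modulepath", "-logfile", NULL };

int option_is_privileged(const char *arg)
{
    for (const char *const *p = privileged_opts; *p != NULL; p++)
        if (strcmp(arg, *p) == 0)
            return 1;
    return 0;
}

/*
 * Returns 0 if the command line may be acted on, -1 if it carries a privileged
 * option while running elevated (the offending option is reported through
 * *offender). The scan covers every argument, not just the first.
 */
int check_cmdline(int argc, char **argv, int elevated, const char **offender)
{
    for (int i = 1; i < argc; i++) {
        if (elevated && option_is_privileged(argv[i])) {
            if (offender != NULL)
                *offender = argv[i];
            return -1;
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *bad = NULL;
    int elevated = privs_elevated();
    printf("running with elevated privileges: %s\n", elevated ? "yes" : "no");
    if (check_cmdline(argc, argv, elevated, &bad) < 0)
        printf("refusing %s: not allowed with elevated privileges\n", bad);
    else
        printf("command line accepted\n");
    return 0;
}
```

The second test case below is the one a getuid()/geteuid() comparison gets wrong: after a temporary drop the two are equal, yet the saved uid is still 0. The decision function is also the place to extend the check for platforms where privilege can come from somewhere other than the uid triple, such as Linux capabilities.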
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 8)
Code designed for conducting penetration testing on CVE-2018-14665 vulnerability.
- Xorg X11 Server - Local Privilege Escalation (Metasploit) by Metasploit at 2019-11-20
- xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab' Local Privilege Escalation by Marco Ivaldi at 2019-01-14
- Xorg X11 Server (AIX) - Local Privilege Escalation by 0xdono at 2018-12-04
- xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation by Marco Ivaldi at 2018-11-30
- Xorg X11 Server - SUID privilege escalation (Metasploit) by Metasploit at 2018-11-26
- xorg-x11-server < 1.20.1 - Local Privilege Escalation by bolonobolo at 2018-11-13
- xorg-x11-server 1.20.3 - Privilege Escalation by Marco Ivaldi at 2018-10-30
- xorg-x11-server < 1.20.3 - Local Privilege Escalation by Hacker Fantastic at 2018-10-25
References
- https://lists.x.org/archives/xorg-announce/2018-October/002927.html
- https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665
- https://www.debian.org/security/2018/dsa-4328
- http://www.securitytracker.com/id/1041948
- https://www.exploit-db.com/exploits/45697/
- https://usn.ubuntu.com/3802-1/
- http://www.securityfocus.com/bid/105741
- https://security.gentoo.org/glsa/201810-09
- https://access.redhat.com/errata/RHSA-2018:3410
- https://www.exploit-db.com/exploits/45742/
- https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
- https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
- https://www.exploit-db.com/exploits/45832/
- https://www.exploit-db.com/exploits/45922/
- https://www.exploit-db.com/exploits/45908/
- https://www.exploit-db.com/exploits/45938/
- https://www.exploit-db.com/exploits/46142/
- http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html
- http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2016-10730: An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a…
Published: 2018-10-24T21:29:00 Last Modified: 2019-01-09T19:56:00
Summary
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script that should not be run by users directly; it uses star to back up and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.
Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls
CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2016-10730 vulnerability.
References
See also: All popular products CVE Vulnerabilities of redhat
CVE-2016-10729: An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a…
Published: 2018-10-24T21:29:00 Last Modified: 2019-01-09T19:54:00
Summary
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The “runtar” setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.
Common Weakness Enumeration (CWE): CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
CWE Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
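The defect in this entry is a setuid wrapper that validates its first argument and passes the rest through unexamined. The C below is an added example, not Amanda's code, of the validation such a wrapper needs: every argument after --create is checked, options are matched against an allowlist, and non-option arguments must be absolute paths with no ".." component. The allowlist is a policy choice made for this example; the option names in it are real GNU tar long options, as are --use-compress-program and -I, which make tar execute a program and are what an allowlist must keep out. Where the archive file may be written is a separate policy not covered here.

```c
#include <stdio.h>
#include <string.h>

/*
 * Allowlist for a hypothetical setuid wrapper around GNU tar. The names are
 * real tar long options; which ones to permit is a policy choice for this
 * example. Anything absent, including every short option, is refused.
 */
static const char *const allowed_opts[] = {
    "--create", "--file", "--directory", "--listed-incremental",
    "--exclude-from", "--one-file-system", "--sparse", "--numeric-owner",
    "--totals", NULL
};

/* Accepts "--name" or "--name=value" for an allowlisted name, nothing else. */
int option_allowed(const char *arg)
{
    const char *eq = strchr(arg, '=');
    size_t namelen = eq != NULL ? (size_t)(eq - arg) : strlen(arg);
    for (const char *const *p = allowed_opts; *p != NULL; p++)
        if (strlen(*p) == namelen && strncmp(arg, *p, namelen) == 0)
            return 1;
    return 0;
}

/* Non-option arguments are paths: absolute, with no ".." component. */
int path_allowed(const char *arg)
{
    if (arg[0] != '/')
        return 0;
    const char *p = arg;
    while (*p != '\0') {
        const char *next = strchr(p, '/');
        size_t n = next != NULL ? (size_t)(next - p) : strlen(p);
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p = next != NULL ? next + 1 : p + n;
    }
    return 1;
}

/*
 * The first argument must be --create, so the wrapper cannot be turned into
 * an extractor, and every later argument is validated too: an allowlisted
 * option, or an acceptable path. Returns 1 if the vector may be passed to tar.
 */
int runtar_args_ok(int argc, char **argv, const char **offender)
{
    if (argc < 2 || strcmp(argv[1], "--create") != 0) {
        if (offender != NULL)
            *offender = argc < 2 ? "(missing --create)" : argv[1];
        return 0;
    }
    for (int i = 2; i < argc; i++) {
        const char *a = argv[i];
        int ok = a[0] == '-' ? option_allowed(a) : path_allowed(a);
        if (!ok) {
            if (offender != NULL)
                *offender = a;
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed argument vectors: one benign, one smuggling a program to run. */
    char *good[] = { "runtar", "--create", "--file", "/var/tmp/home.tar",
                     "--one-file-system", "/home", NULL };
    char *inj[] = { "runtar", "--create", "--file", "/var/tmp/home.tar",
                    "--use-compress-program", "/tmp/payload.sh", "/home", NULL };
    const char *bad = NULL;

    printf("benign vector: %s\n", runtar_args_ok(6, good, &bad) ? "accepted" : "refused");
    int ok = runtar_args_ok(7, inj, &bad);
    printf("injected vector: %s (%s)\n", ok ? "accepted" : "refused", bad ? bad : "-");
    return 0;
}
```

Exact-name matching matters: GNU tar accepts unambiguous abbreviations, so a check that does strncmp() against the user's prefix would let "--use-compress-prog" or "--fil" through to tar with a meaning the wrapper never inspected. The validated vector should then be handed to a fixed absolute path for tar with execv(), never to a shell.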
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2016-10729 vulnerability.
References
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-18584: In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input…
Published: 2018-10-23T02:29:00 Last Modified: 2021-05-12T20:52:00
Summary
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18584 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2018/10/22/1
- https://www.cabextract.org.uk/#changes
- https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
- https://bugs.debian.org/911640
- https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html
- https://usn.ubuntu.com/3814-2/
- https://usn.ubuntu.com/3814-1/
- https://usn.ubuntu.com/3814-3/
- https://www.suse.com/security/cve/CVE-2018-18584/
- https://packetstormsecurity.com/files/150310/Ubuntu-Security-Notice-USN-3814-3.html
- https://access.redhat.com/security/cve/cve-2018-18584
- https://security.gentoo.org/glsa/201903-20
- https://access.redhat.com/errata/RHSA-2019:2049
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-18585: chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has ‘\0’…
Published: 2018-10-23T02:29:00 Last Modified: 2019-08-06T17:15:00
Summary
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has ‘\0’ as its first or second character (such as the “/\0” name).
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18585 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2018/10/22/1
- https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
- https://bugs.debian.org/911637
- https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html
- https://usn.ubuntu.com/3814-2/
- https://usn.ubuntu.com/3814-1/
- https://usn.ubuntu.com/3814-3/
- https://tools.cisco.com/security/center/viewAlert.x?alertId=59134
- https://www.suse.com/security/cve/CVE-2018-18585/
- https://access.redhat.com/security/cve/cve-2018-18585
- https://security.gentoo.org/glsa/201903-20
- https://access.redhat.com/errata/RHSA-2019:2049
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-18559: In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between…
Published: 2018-10-22T16:29:00 Last Modified: 2019-05-14T23:29:00
Summary
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18559 vulnerability.
References
- https://blogs.securiteam.com/index.php/archives/3731
- https://access.redhat.com/errata/RHSA-2019:0188
- https://access.redhat.com/errata/RHSA-2019:0163
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://access.redhat.com/errata/RHSA-2019:3967
- https://access.redhat.com/errata/RHSA-2019:4159
- https://access.redhat.com/errata/RHSA-2020:0174
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-18438: Qemu has integer overflows because IOReadHandler and its associated functions use a signed…
Published: 2018-10-19T22:29:00 Last Modified: 2021-08-04T17:15:00
Summary
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-18438 vulnerability.
References
- https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
- http://www.openwall.com/lists/oss-security/2018/10/17/3
- http://www.securityfocus.com/bid/105953
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism…
Published: 2018-10-19T22:29:00 Last Modified: 2019-11-05T21:15:00
Summary
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18284 vulnerability.
References
- https://bugs.ghostscript.com/show_bug.cgi?id=699963
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
- http://www.openwall.com/lists/oss-security/2018/10/16/2
- http://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b
- https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html
- https://usn.ubuntu.com/3803-1/
- https://www.debian.org/security/2018/dsa-4336
- https://security.gentoo.org/glsa/201811-12
- https://access.redhat.com/errata/RHSA-2018:3834
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
- http://www.securityfocus.com/bid/107451
- https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-18520: An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils…
Published: 2018-10-19T17:29:00 Last Modified: 2021-11-30T21:59:00
Summary
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18520 vulnerability.
References
- https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
- https://sourceware.org/bugzilla/show_bug.cgi?id=23787
- https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
- https://usn.ubuntu.com/4012-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
- https://access.redhat.com/errata/RHSA-2019:2197
- https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-18521: Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174…
Published: 2018-10-19T17:29:00 Last Modified: 2021-11-30T21:59:00
Summary
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
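The division this entry describes is entry count = sh_size / sh_entsize, with both operands read from the file. The C below is an added example, not elfutils code: the field offsets are the standard Elf64_Shdr layout and 24 is sizeof(Elf64_Sym), but the functions, return codes and the constructed header are this example's assumptions. It shows the unchecked division beside a version that refuses a zero sh_entsize, and also a size that is not a whole number of entries, before dividing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Elf64_Shdr is 64 bytes; offsets follow the standard ELF-64 layout. */
#define SHDR64_SIZE        64
#define SHDR64_SH_TYPE      4
#define SHDR64_SH_SIZE     32
#define SHDR64_SH_ENTSIZE  56
#define SHT_SYMTAB          2
#define ELF64_SYM_SIZE     24   /* sizeof(Elf64_Sym) */

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint64_t rd64le(const uint8_t *p)
{
    return (uint64_t)rd32le(p) | (uint64_t)rd32le(p + 4) << 32;
}

/*
 * Vulnerable shape: the entry count is sh_size / sh_entsize with both values
 * taken from the file. A crafted header with sh_entsize == 0 turns the
 * division into a SIGFPE and kills the tool (CWE-369). Only called on a
 * well-formed header below.
 */
uint64_t shdr_entry_count_vulnerable(const uint8_t *shdr)
{
    return rd64le(shdr + SHDR64_SH_SIZE) / rd64le(shdr + SHDR64_SH_ENTSIZE);
}

/*
 * Hardened: check the header is complete, refuse a zero sh_entsize before
 * dividing, and refuse a size that is not a whole number of entries.
 * Returns 0 and the count, or a negative code naming the problem.
 */
int shdr_entry_count(const uint8_t *shdr, size_t len, uint64_t *count)
{
    if (len < SHDR64_SIZE)
        return -1;                               /* truncated header */
    uint64_t sh_size = rd64le(shdr + SHDR64_SH_SIZE);
    uint64_t sh_entsize = rd64le(shdr + SHDR64_SH_ENTSIZE);
    if (sh_entsize == 0)
        return -2;                               /* would divide by zero */
    if (sh_size % sh_entsize != 0)
        return -3;                               /* not a whole number of entries */
    *count = sh_size / sh_entsize;
    return 0;
}

/* Build a constructed SHT_SYMTAB header with the given sh_size and sh_entsize. */
void make_symtab_shdr(uint8_t out[SHDR64_SIZE], uint64_t sh_size, uint64_t sh_entsize)
{
    memset(out, 0, SHDR64_SIZE);
    out[SHDR64_SH_TYPE] = SHT_SYMTAB;
    for (int i = 0; i < 8; i++) {
        out[SHDR64_SH_SIZE + i] = (uint8_t)(sh_size >> (8 * i));
        out[SHDR64_SH_ENTSIZE + i] = (uint8_t)(sh_entsize >> (8 * i));
    }
}

int main(void)
{
    uint8_t hdr[SHDR64_SIZE];
    uint64_t n = 0;

    make_symtab_shdr(hdr, 3 * ELF64_SYM_SIZE, ELF64_SYM_SIZE);   /* three symbols */
    int rc = shdr_entry_count(hdr, sizeof hdr, &n);
    printf("well-formed: rc=%d count=%llu (unchecked path agrees: %llu)\n",
           rc, (unsigned long long)n, (unsigned long long)shdr_entry_count_vulnerable(hdr));

    make_symtab_shdr(hdr, 3 * ELF64_SYM_SIZE, 0);                /* crafted: sh_entsize == 0 */
    rc = shdr_entry_count(hdr, sizeof hdr, &n);
    printf("crafted: rc=%d (unchecked path would SIGFPE here)\n", rc);
    return 0;
}
```

For a symbol table the caller can tighten the check further by also requiring sh_entsize == sizeof(Elf64_Sym) for the file's class; the generic form above is what every section-walking loop needs at minimum, because sh_entsize is meaningful for any fixed-size-entry section, not just SHT_SYMTAB.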
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18521 vulnerability.
References
- https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
- https://sourceware.org/bugzilla/show_bug.cgi?id=23786
- https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
- https://usn.ubuntu.com/4012-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
- https://access.redhat.com/errata/RHSA-2019:2197
- https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-12372: Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when…
Published: 2018-10-18T13:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12372 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1419417
- https://www.debian.org/security/2018/dsa-4244
- https://usn.ubuntu.com/3714-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- http://www.securityfocus.com/bid/104613
- https://security.gentoo.org/glsa/201811-13
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-12374: Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing…
Published: 2018-10-18T13:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Plaintext of decrypted emails can leak when the user submits an embedded form by pressing the Enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12374 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1462910
- https://www.debian.org/security/2018/dsa-4244
- https://usn.ubuntu.com/3714-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- http://www.securityfocus.com/bid/104613
- https://security.gentoo.org/glsa/201811-13
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-12373: Decrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when…
Published: 2018-10-18T13:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Decrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12373 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1464667
- https://bugzilla.mozilla.org/show_bug.cgi?id=1464056
- https://www.debian.org/security/2018/dsa-4244
- https://usn.ubuntu.com/3714-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- http://www.securityfocus.com/bid/104613
- https://security.gentoo.org/glsa/201811-13
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-12386: A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-06T18:31:00
Summary
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12386 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-24/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1493900
- https://www.debian.org/security/2018/dsa-4310
- https://usn.ubuntu.com/3778-1/
- https://access.redhat.com/errata/RHSA-2018:2884
- https://access.redhat.com/errata/RHSA-2018:2881
- http://www.securitytracker.com/id/1041770
- http://www.securityfocus.com/bid/105460
- https://security.gentoo.org/glsa/201810-01
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-12376: Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-06T15:50:00
Summary
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12376 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-25/
- https://www.mozilla.org/security/advisories/mfsa2018-21/
- https://www.mozilla.org/security/advisories/mfsa2018-20/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1469309%2C1469914%2C1450989%2C1480092%2C1480517%2C1481093%2C1478575%2C1471953%2C1473161%2C1466991%2C1468738%2C1483120%2C1467363%2C1472925%2C1466577%2C1467889%2C1480521%2C1478849
- https://www.debian.org/security/2018/dsa-4287
- https://usn.ubuntu.com/3793-1/
- https://usn.ubuntu.com/3761-1/
- https://access.redhat.com/errata/RHSA-2018:2693
- https://access.redhat.com/errata/RHSA-2018:2692
- http://www.securitytracker.com/id/1041610
- http://www.securityfocus.com/bid/105280
- https://security.gentoo.org/glsa/201810-01
- https://www.debian.org/security/2018/dsa-4327
- https://access.redhat.com/errata/RHSA-2018:3403
- https://access.redhat.com/errata/RHSA-2018:3458
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12359: A buffer overflow can occur when rendering canvas content while adjusting the height and width of…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-06T14:50:00
Summary
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12359 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1459162
- https://www.debian.org/security/2018/dsa-4244
- https://www.debian.org/security/2018/dsa-4235
- https://usn.ubuntu.com/3714-1/
- https://usn.ubuntu.com/3705-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
- http://www.securitytracker.com/id/1041193
- http://www.securityfocus.com/bid/104555
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12379: When the Mozilla Updater opens a MAR format file which contains a very long item filename, an…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-06T18:10:00
Summary
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-12379 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-25/
- https://www.mozilla.org/security/advisories/mfsa2018-21/
- https://www.mozilla.org/security/advisories/mfsa2018-20/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1473113
- https://access.redhat.com/errata/RHSA-2018:2693
- https://access.redhat.com/errata/RHSA-2018:2692
- http://www.securitytracker.com/id/1041610
- http://www.securityfocus.com/bid/105280
- https://security.gentoo.org/glsa/201810-01
- https://www.debian.org/security/2018/dsa-4327
- https://access.redhat.com/errata/RHSA-2018:3403
- https://access.redhat.com/errata/RHSA-2018:3458
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12383: If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted…
Published: 2018-10-18T13:29:00 Last Modified: 2019-10-03T00:03:00
Summary
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password protects only the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.
Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials
CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-12383 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-25/
- https://www.mozilla.org/security/advisories/mfsa2018-23/
- https://www.mozilla.org/security/advisories/mfsa2018-20/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1475775
- https://www.debian.org/security/2018/dsa-4304
- https://usn.ubuntu.com/3793-1/
- https://usn.ubuntu.com/3761-1/
- https://access.redhat.com/errata/RHSA-2018:2835
- https://access.redhat.com/errata/RHSA-2018:2834
- http://www.securitytracker.com/id/1041701
- http://www.securitytracker.com/id/1041610
- http://www.securityfocus.com/bid/105276
- https://security.gentoo.org/glsa/201810-01
- https://www.debian.org/security/2018/dsa-4327
- https://access.redhat.com/errata/RHSA-2018:3403
- https://access.redhat.com/errata/RHSA-2018:3458
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12385: A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-06T19:03:00
Summary
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-12385 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-25/
- https://www.mozilla.org/security/advisories/mfsa2018-23/
- https://www.mozilla.org/security/advisories/mfsa2018-22/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1490585
- https://www.debian.org/security/2018/dsa-4304
- https://usn.ubuntu.com/3793-1/
- https://usn.ubuntu.com/3778-1/
- https://access.redhat.com/errata/RHSA-2018:2835
- https://access.redhat.com/errata/RHSA-2018:2834
- http://www.securitytracker.com/id/1041701
- http://www.securitytracker.com/id/1041700
- http://www.securityfocus.com/bid/105380
- https://security.gentoo.org/glsa/201810-01
- https://www.debian.org/security/2018/dsa-4327
- https://access.redhat.com/errata/RHSA-2018:3403
- https://access.redhat.com/errata/RHSA-2018:3458
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12362: An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-03T20:11:00
Summary
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12362 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1452375
- https://www.debian.org/security/2018/dsa-4244
- https://www.debian.org/security/2018/dsa-4235
- https://usn.ubuntu.com/3714-1/
- https://usn.ubuntu.com/3705-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
- http://www.securitytracker.com/id/1041193
- http://www.securityfocus.com/bid/104560
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12363: A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-03T20:10:00
Summary
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12363 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1464784
- https://www.debian.org/security/2018/dsa-4244
- https://www.debian.org/security/2018/dsa-4235
- https://usn.ubuntu.com/3714-1/
- https://usn.ubuntu.com/3705-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
- http://www.securitytracker.com/id/1041193
- http://www.securityfocus.com/bid/104560
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12365: A compromised IPC child process can escape the content sandbox and list the names of arbitrary…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-03T20:09:00
Summary
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12365 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1459206
- https://www.debian.org/security/2018/dsa-4244
- https://www.debian.org/security/2018/dsa-4235
- https://usn.ubuntu.com/3714-1/
- https://usn.ubuntu.com/3705-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
- http://www.securitytracker.com/id/1041193
- http://www.securityfocus.com/bid/104560
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12387: A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-06T18:38:00
Summary
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12387 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-24/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1493903
- https://www.debian.org/security/2018/dsa-4310
- https://usn.ubuntu.com/3778-1/
- https://access.redhat.com/errata/RHSA-2018:2884
- https://access.redhat.com/errata/RHSA-2018:2881
- http://www.securitytracker.com/id/1041770
- http://www.securityfocus.com/bid/105460
- https://security.gentoo.org/glsa/201810-01
CVE-2018-12360: A use-after-free vulnerability can occur when deleting an input element during a mutation event…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-03T20:08:00
Summary
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12360 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1459693
- https://www.debian.org/security/2018/dsa-4244
- https://www.debian.org/security/2018/dsa-4235
- https://usn.ubuntu.com/3714-1/
- https://usn.ubuntu.com/3705-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
- http://www.securitytracker.com/id/1041193
- http://www.securityfocus.com/bid/104555
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12364: NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-03T20:10:00
Summary
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)
CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12364 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1436241
- https://www.debian.org/security/2018/dsa-4244
- https://www.debian.org/security/2018/dsa-4235
- https://usn.ubuntu.com/3714-1/
- https://usn.ubuntu.com/3705-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
- http://www.securitytracker.com/id/1041193
- http://www.securityfocus.com/bid/104560
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12366: An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-03T20:09:00
Summary
An invalid grid size during QCMS (color profile) transformations can result in an out-of-bounds read whose contents are interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12366 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1464039
- https://www.debian.org/security/2018/dsa-4244
- https://www.debian.org/security/2018/dsa-4235
- https://usn.ubuntu.com/3714-1/
- https://usn.ubuntu.com/3705-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
- http://www.securitytracker.com/id/1041193
- http://www.securityfocus.com/bid/104560
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12377: A use-after-free vulnerability can occur when refresh driver timers are refreshed in some…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-06T15:50:00
Summary
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12377 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-25/
- https://www.mozilla.org/security/advisories/mfsa2018-21/
- https://www.mozilla.org/security/advisories/mfsa2018-20/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1470260
- https://www.debian.org/security/2018/dsa-4287
- https://usn.ubuntu.com/3793-1/
- https://usn.ubuntu.com/3761-1/
- https://access.redhat.com/errata/RHSA-2018:2693
- https://access.redhat.com/errata/RHSA-2018:2692
- http://www.securitytracker.com/id/1041610
- http://www.securityfocus.com/bid/105280
- https://security.gentoo.org/glsa/201810-01
- https://www.debian.org/security/2018/dsa-4327
- https://access.redhat.com/errata/RHSA-2018:3403
- https://access.redhat.com/errata/RHSA-2018:3458
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201811-13
CVE-2018-12378: A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-06T15:51:00
Summary
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12378 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-25/
- https://www.mozilla.org/security/advisories/mfsa2018-21/
- https://www.mozilla.org/security/advisories/mfsa2018-20/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1459383
- https://www.debian.org/security/2018/dsa-4287
- https://usn.ubuntu.com/3793-1/
- https://usn.ubuntu.com/3761-1/
- https://access.redhat.com/errata/RHSA-2018:2693
- https://access.redhat.com/errata/RHSA-2018:2692
- http://www.securitytracker.com/id/1041610
- http://www.securityfocus.com/bid/105280
- https://security.gentoo.org/glsa/201810-01
- https://www.debian.org/security/2018/dsa-4327
- https://access.redhat.com/errata/RHSA-2018:3403
- https://access.redhat.com/errata/RHSA-2018:3458
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5156: A vulnerability can occur when capturing a media stream when the media source type is changed as…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-06T18:39:00
Summary
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5156 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1453127
- https://www.debian.org/security/2018/dsa-4295
- https://www.debian.org/security/2018/dsa-4235
- https://usn.ubuntu.com/3705-1/
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
- http://www.securitytracker.com/id/1041193
- http://www.securityfocus.com/bid/104560
- https://security.gentoo.org/glsa/201810-01
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5188: Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these…
Published: 2018-10-18T13:29:00 Last Modified: 2018-12-06T18:44:00
Summary
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5188 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-19/
- https://www.mozilla.org/security/advisories/mfsa2018-18/
- https://www.mozilla.org/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/advisories/mfsa2018-16/
- https://www.mozilla.org/security/advisories/mfsa2018-15/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048
- https://www.debian.org/security/2018/dsa-4244
- https://usn.ubuntu.com/3749-1/
- https://usn.ubuntu.com/3714-1/
- https://usn.ubuntu.com/3705-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:2252
- https://access.redhat.com/errata/RHSA-2018:2251
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
- http://www.securityfocus.com/bid/104555
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-18445: In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation…
Published: 2018-10-17T19:29:00 Last Modified: 2020-10-15T13:28:00
Summary
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-18445 vulnerability.
References
- https://github.com/torvalds/linux/commit/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681
- https://usn.ubuntu.com/3832-1/
- https://usn.ubuntu.com/3835-1/
- https://usn.ubuntu.com/3847-3/
- https://usn.ubuntu.com/3847-2/
- https://usn.ubuntu.com/3847-1/
- https://access.redhat.com/errata/RHSA-2019:0514
- https://access.redhat.com/errata/RHSA-2019:0512
- https://support.f5.com/csp/article/K38456756
CVE-2018-10933: A vulnerability was found in libssh’s server-side state machine before versions 0.7.6 and 0.8.4….
Published: 2018-10-17T12:29:00 Last Modified: 2019-10-09T23:33:00
Summary
A vulnerability was found in libssh’s server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 2)
Code designed for conducting penetration testing on CVE-2018-10933 vulnerability.
- LibSSH 0.7.6 / 0.8.4 - Unauthorized Access by jas502n at 2018-10-20
- libSSH - Authentication Bypass by Dayanç Soyadlı at 2018-10-18
References
- https://www.libssh.org/security/advisories/CVE-2018-10933.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
- https://www.debian.org/security/2018/dsa-4322
- https://usn.ubuntu.com/3795-1/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html
- https://www.exploit-db.com/exploits/45638/
- http://www.securityfocus.com/bid/105677
- https://usn.ubuntu.com/3795-2/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://security.netapp.com/advisory/ntap-20190118-0002/
CVE-2018-3136: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:…
Published: 2018-10-17T01:31:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-3136 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securitytracker.com/id/1041889
- http://www.securityfocus.com/bid/105601
- https://access.redhat.com/errata/RHSA-2018:2943
- https://access.redhat.com/errata/RHSA-2018:2942
- https://security.netapp.com/advisory/ntap-20181018-0001/
- https://access.redhat.com/errata/RHSA-2018:3008
- https://access.redhat.com/errata/RHSA-2018:3007
- https://access.redhat.com/errata/RHSA-2018:3003
- https://access.redhat.com/errata/RHSA-2018:3002
- https://access.redhat.com/errata/RHSA-2018:3001
- https://access.redhat.com/errata/RHSA-2018:3000
- https://www.debian.org/security/2018/dsa-4326
- https://usn.ubuntu.com/3804-1/
- https://access.redhat.com/errata/RHSA-2018:3409
- https://access.redhat.com/errata/RHSA-2018:3350
- https://access.redhat.com/errata/RHSA-2018:3521
- https://access.redhat.com/errata/RHSA-2018:3534
- https://access.redhat.com/errata/RHSA-2018:3533
- https://usn.ubuntu.com/3824-1/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
- https://access.redhat.com/errata/RHSA-2018:3672
- https://access.redhat.com/errata/RHSA-2018:3671
- https://access.redhat.com/errata/RHSA-2018:3779
- https://access.redhat.com/errata/RHSA-2018:3852
- https://security.gentoo.org/glsa/201908-10
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us
CVE-2018-3149: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-10-17T01:31:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-3149 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securitytracker.com/id/1041889
- http://www.securityfocus.com/bid/105608
- https://access.redhat.com/errata/RHSA-2018:2943
- https://access.redhat.com/errata/RHSA-2018:2942
- https://security.netapp.com/advisory/ntap-20181018-0001/
- https://access.redhat.com/errata/RHSA-2018:3008
- https://access.redhat.com/errata/RHSA-2018:3007
- https://access.redhat.com/errata/RHSA-2018:3003
- https://access.redhat.com/errata/RHSA-2018:3002
- https://access.redhat.com/errata/RHSA-2018:3001
- https://access.redhat.com/errata/RHSA-2018:3000
- https://www.debian.org/security/2018/dsa-4326
- https://usn.ubuntu.com/3804-1/
- https://access.redhat.com/errata/RHSA-2018:3409
- https://access.redhat.com/errata/RHSA-2018:3350
- https://access.redhat.com/errata/RHSA-2018:3521
- https://access.redhat.com/errata/RHSA-2018:3534
- https://access.redhat.com/errata/RHSA-2018:3533
- https://usn.ubuntu.com/3824-1/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
- https://access.redhat.com/errata/RHSA-2018:3672
- https://access.redhat.com/errata/RHSA-2018:3671
- https://access.redhat.com/errata/RHSA-2018:3779
- https://access.redhat.com/errata/RHSA-2018:3852
- https://security.gentoo.org/glsa/201908-10
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us
CVE-2018-3180: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-10-17T01:31:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-3180 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securitytracker.com/id/1041889
- http://www.securityfocus.com/bid/105617
- https://access.redhat.com/errata/RHSA-2018:2943
- https://access.redhat.com/errata/RHSA-2018:2942
- https://security.netapp.com/advisory/ntap-20181018-0001/
- https://access.redhat.com/errata/RHSA-2018:3008
- https://access.redhat.com/errata/RHSA-2018:3007
- https://access.redhat.com/errata/RHSA-2018:3003
- https://access.redhat.com/errata/RHSA-2018:3002
- https://access.redhat.com/errata/RHSA-2018:3001
- https://access.redhat.com/errata/RHSA-2018:3000
- https://www.debian.org/security/2018/dsa-4326
- https://usn.ubuntu.com/3804-1/
- https://access.redhat.com/errata/RHSA-2018:3409
- https://access.redhat.com/errata/RHSA-2018:3350
- https://access.redhat.com/errata/RHSA-2018:3521
- https://access.redhat.com/errata/RHSA-2018:3534
- https://access.redhat.com/errata/RHSA-2018:3533
- https://usn.ubuntu.com/3824-1/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
- https://access.redhat.com/errata/RHSA-2018:3672
- https://access.redhat.com/errata/RHSA-2018:3671
- https://access.redhat.com/errata/RHSA-2018:3779
- https://access.redhat.com/errata/RHSA-2018:3852
- https://security.gentoo.org/glsa/201908-10
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us
CVE-2018-3214: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-10-17T01:31:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-3214 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securitytracker.com/id/1041889
- http://www.securityfocus.com/bid/105615
- https://access.redhat.com/errata/RHSA-2018:2943
- https://access.redhat.com/errata/RHSA-2018:2942
- https://security.netapp.com/advisory/ntap-20181018-0001/
- https://access.redhat.com/errata/RHSA-2018:3008
- https://access.redhat.com/errata/RHSA-2018:3007
- https://access.redhat.com/errata/RHSA-2018:3003
- https://access.redhat.com/errata/RHSA-2018:3002
- https://access.redhat.com/errata/RHSA-2018:3001
- https://access.redhat.com/errata/RHSA-2018:3000
- https://www.debian.org/security/2018/dsa-4326
- https://usn.ubuntu.com/3804-1/
- https://access.redhat.com/errata/RHSA-2018:3409
- https://access.redhat.com/errata/RHSA-2018:3350
- https://access.redhat.com/errata/RHSA-2018:3534
- https://access.redhat.com/errata/RHSA-2018:3533
- https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
- https://access.redhat.com/errata/RHSA-2018:3672
- https://access.redhat.com/errata/RHSA-2018:3671
- https://access.redhat.com/errata/RHSA-2018:3779
- https://access.redhat.com/errata/RHSA-2018:3852
- https://security.gentoo.org/glsa/201908-10
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us
CVE-2018-3139: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:…
Published: 2018-10-17T01:31:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-3139 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securitytracker.com/id/1041889
- http://www.securityfocus.com/bid/105602
- https://access.redhat.com/errata/RHSA-2018:2943
- https://access.redhat.com/errata/RHSA-2018:2942
- https://security.netapp.com/advisory/ntap-20181018-0001/
- https://access.redhat.com/errata/RHSA-2018:3008
- https://access.redhat.com/errata/RHSA-2018:3007
- https://access.redhat.com/errata/RHSA-2018:3003
- https://access.redhat.com/errata/RHSA-2018:3002
- https://access.redhat.com/errata/RHSA-2018:3001
- https://access.redhat.com/errata/RHSA-2018:3000
- https://www.debian.org/security/2018/dsa-4326
- https://usn.ubuntu.com/3804-1/
- https://access.redhat.com/errata/RHSA-2018:3409
- https://access.redhat.com/errata/RHSA-2018:3350
- https://access.redhat.com/errata/RHSA-2018:3521
- https://access.redhat.com/errata/RHSA-2018:3534
- https://access.redhat.com/errata/RHSA-2018:3533
- https://usn.ubuntu.com/3824-1/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
- https://access.redhat.com/errata/RHSA-2018:3672
- https://access.redhat.com/errata/RHSA-2018:3671
- https://access.redhat.com/errata/RHSA-2018:3779
- https://access.redhat.com/errata/RHSA-2018:3852
- https://security.gentoo.org/glsa/201908-10
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us
CVE-2018-3183: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-10-17T01:31:00 Last Modified: 2020-09-08T12:29:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-3183 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securitytracker.com/id/1041889
- http://www.securityfocus.com/bid/105622
- https://access.redhat.com/errata/RHSA-2018:2943
- https://access.redhat.com/errata/RHSA-2018:2942
- https://security.netapp.com/advisory/ntap-20181018-0001/
- https://access.redhat.com/errata/RHSA-2018:3003
- https://access.redhat.com/errata/RHSA-2018:3002
- https://www.debian.org/security/2018/dsa-4326
- https://usn.ubuntu.com/3804-1/
- https://access.redhat.com/errata/RHSA-2018:3521
- https://access.redhat.com/errata/RHSA-2018:3534
- https://access.redhat.com/errata/RHSA-2018:3533
- https://access.redhat.com/errata/RHSA-2018:3852
- https://security.gentoo.org/glsa/201908-10
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us
CVE-2018-3169: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:…
Published: 2018-10-17T01:31:00 Last Modified: 2020-09-08T13:00:00
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-3169 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securitytracker.com/id/1041889
- http://www.securityfocus.com/bid/105587
- https://access.redhat.com/errata/RHSA-2018:2943
- https://access.redhat.com/errata/RHSA-2018:2942
- https://security.netapp.com/advisory/ntap-20181018-0001/
- https://access.redhat.com/errata/RHSA-2018:3003
- https://access.redhat.com/errata/RHSA-2018:3002
- https://access.redhat.com/errata/RHSA-2018:3001
- https://access.redhat.com/errata/RHSA-2018:3000
- https://www.debian.org/security/2018/dsa-4326
- https://usn.ubuntu.com/3804-1/
- https://access.redhat.com/errata/RHSA-2018:3409
- https://access.redhat.com/errata/RHSA-2018:3350
- https://access.redhat.com/errata/RHSA-2018:3521
- https://access.redhat.com/errata/RHSA-2018:3534
- https://access.redhat.com/errata/RHSA-2018:3533
- https://usn.ubuntu.com/3824-1/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
- https://access.redhat.com/errata/RHSA-2018:3672
- https://access.redhat.com/errata/RHSA-2018:3671
- https://access.redhat.com/errata/RHSA-2018:3779
- https://access.redhat.com/errata/RHSA-2018:3852
- https://security.gentoo.org/glsa/201908-10
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us
CVE-2018-18073: Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging…
Published: 2018-10-15T16:29:00 Last Modified: 2020-10-22T16:19:00
Summary
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18073 vulnerability.
References
- https://bugs.ghostscript.com/show_bug.cgi?id=699927
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
- http://www.openwall.com/lists/oss-security/2018/10/10/12
- http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c
- https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html
- https://usn.ubuntu.com/3803-1/
- https://www.debian.org/security/2018/dsa-4336
- https://access.redhat.com/errata/RHSA-2018:3834
CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism…
Published: 2018-10-15T16:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
Common Weakness Enumeration (CWE): CWE-209: Generation of Error Message Containing Sensitive Information
CWE Description: The software generates an error message that includes sensitive information about its environment, users, or associated data.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-17961 vulnerability.
References
- https://www.exploit-db.com/exploits/45573/
- https://bugs.ghostscript.com/show_bug.cgi?id=699816
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2
- http://www.openwall.com/lists/oss-security/2018/10/09/4
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0
- https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html
- https://usn.ubuntu.com/3803-1/
- https://www.debian.org/security/2018/dsa-4336
- https://access.redhat.com/errata/RHSA-2018:3834
CVE-2018-18310: An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl…
Published: 2018-10-15T02:29:00 Last Modified: 2021-11-30T21:59:00
Summary
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18310 vulnerability.
References
- https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
- https://sourceware.org/bugzilla/show_bug.cgi?id=23752
- https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
- https://usn.ubuntu.com/4012-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
- https://access.redhat.com/errata/RHSA-2019:2197
- https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
CVE-2018-14649: It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using…
Published: 2018-10-09T17:29:00 Last Modified: 2019-10-09T23:35:00
Summary
It was found that the ceph-iscsi-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in the file /usr/bin/rbd-target-api provided by the ceph-iscsi-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as the user executing the application that is using python-werkzeug with debug shell mode enabled. In Red Hat Ceph Storage 2 and 3, the ceph-iscsi-cli package runs the python-werkzeug library with root level permissions.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14649 vulnerability.
References
- https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b
- https://github.com/ceph/ceph-iscsi-cli/issues/120
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649
- https://access.redhat.com/articles/3623521
- https://access.redhat.com/errata/RHSA-2018:2838
- https://access.redhat.com/errata/RHSA-2018:2837
- http://www.securityfocus.com/bid/105434
CVE-2018-18074: The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI…
Published: 2018-10-09T17:29:00 Last Modified: 2021-04-14T20:30:00
Summary
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials
CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-18074 vulnerability.
References
- https://github.com/requests/requests/pull/4718
- https://github.com/requests/requests/issues/4716
- https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
- https://bugs.debian.org/910766
- https://usn.ubuntu.com/3790-1/
- http://docs.python-requests.org/en/master/community/updates/#release-and-version-history
- https://usn.ubuntu.com/3790-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html
- https://access.redhat.com/errata/RHSA-2019:2035
CVE-2018-1000808: Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to…
Published: 2018-10-08T15:29:00 Last Modified: 2021-08-04T17:14:00
Summary
Python Cryptographic Authority pyopenssl version before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in denial of service if memory runs low or is exhausted. Exploitability depends upon the calling application; however, it could be as simple as initiating a TLS connection, or anything that would cause the calling application to reload certificates from a PKCS #12 store. This vulnerability appears to have been fixed in 17.5.0.
Common Weakness Enumeration (CWE): CWE-404: Improper Resource Shutdown or Release
CWE Description: Improper release or shutdown of resources can be resultant from improper error handling or insufficient resource tracking.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1000808 vulnerability.
References
- https://github.com/pyca/pyopenssl/pull/723
- https://usn.ubuntu.com/3813-1/
- https://access.redhat.com/errata/RHSA-2019:0085
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
CVE-2018-1000805: Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access…
Published: 2018-10-08T15:29:00 Last Modified: 2021-12-28T13:15:00
Summary
Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1000805 vulnerability.
References
- https://github.com/paramiko/paramiko/issues/1283
- https://usn.ubuntu.com/3796-2/
- https://usn.ubuntu.com/3796-1/
- https://usn.ubuntu.com/3796-3/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://access.redhat.com/errata/RHSA-2018:3406
- https://access.redhat.com/errata/RHSA-2018:3347
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2018:3497
- https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
CVE-2018-1000807: Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use…
Published: 2018-10-08T15:29:00 Last Modified: 2021-08-04T17:14:00
Summary
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can lead to possible denial of service or remote code execution. Exploitability depends on the calling application and whether it retains a reference to the memory. This vulnerability appears to have been fixed in 17.5.0.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1000807 vulnerability.
References
- https://github.com/pyca/pyopenssl/pull/723
- https://usn.ubuntu.com/3813-1/
- https://access.redhat.com/errata/RHSA-2019:0085
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
CVE-2018-17456: Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x…
Published: 2018-10-06T14:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive “git clone” of a superproject if a .gitmodules file has a URL field beginning with a ‘-’ character.
Common Weakness Enumeration (CWE): CWE-88: Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
CWE Description: The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 2)
Code designed for conducting penetration testing on CVE-2018-17456 vulnerability.
- Git Submodule - Arbitrary Code Execution by joernchen at 2018-10-16
- Git Submodule - Arbitrary Code Execution (PoC) by Junio C Hamano at 2018-10-05
References
- https://www.openwall.com/lists/oss-security/2018/10/06/3
- https://marc.info/?l=git&m=153875888916397&w=2
- https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46
- https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404
- https://www.debian.org/security/2018/dsa-4311
- https://www.exploit-db.com/exploits/45548/
- http://www.securitytracker.com/id/1041811
- http://www.securityfocus.com/bid/105523
- https://usn.ubuntu.com/3791-1/
- https://www.exploit-db.com/exploits/45631/
- https://access.redhat.com/errata/RHSA-2018:3408
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHSA-2018:3541
- https://seclists.org/bugtraq/2019/Mar/30
- http://www.securityfocus.com/bid/107511
- http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html
- https://access.redhat.com/errata/RHSA-2020:0316
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
CVE-2018-11784: When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23…
Published: 2018-10-04T13:29:00 Last Modified: 2021-07-13T17:15:00
Summary
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to ‘/foo/’ when the user requested ‘/foo’), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker’s choice.
Common Weakness Enumeration (CWE): CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
CWE Description: A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-11784 vulnerability.
References
- https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
- http://www.securityfocus.com/bid/105524
- https://usn.ubuntu.com/3787-1/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html
- https://security.netapp.com/advisory/ntap-20181014-0002/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://access.redhat.com/errata/RHSA-2019:0131
- https://access.redhat.com/errata/RHSA-2019:0130
- https://access.redhat.com/errata/RHSA-2019:0485
- https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/
- https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
- https://access.redhat.com/errata/RHSA-2019:1529
- https://kc.mcafee.com/corporate/index?page=content&id=SB10284
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.debian.org/security/2019/dsa-4596
- https://seclists.org/bugtraq/2019/Dec/43
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html
CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel…
Published: 2018-10-03T22:29:00 Last Modified: 2020-10-15T13:28:00
Summary
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: COMPLETE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-17972 vulnerability.
References
- https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2
- http://www.securityfocus.com/bid/105525
- https://usn.ubuntu.com/3821-2/
- https://usn.ubuntu.com/3821-1/
- https://usn.ubuntu.com/3832-1/
- https://usn.ubuntu.com/3835-1/
- https://usn.ubuntu.com/3871-1/
- https://usn.ubuntu.com/3880-2/
- https://usn.ubuntu.com/3871-4/
- https://usn.ubuntu.com/3871-3/
- https://usn.ubuntu.com/3880-1/
- https://usn.ubuntu.com/3871-5/
- https://access.redhat.com/errata/RHSA-2019:0514
- https://access.redhat.com/errata/RHSA-2019:0512
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://access.redhat.com/errata/RHSA-2019:0831
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
- https://access.redhat.com/errata/RHSA-2019:2473
- https://support.f5.com/csp/article/K27673650?utm_source=f5support&utm_medium=RSS
CVE-2018-14648: A flaw was found in 389 Directory Server. A specially crafted search query could lead to…
Published: 2018-09-28T13:29:00 Last Modified: 2019-10-09T23:35:00
Summary
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14648 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648
- https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html
- https://access.redhat.com/errata/RHSA-2018:3127
- https://access.redhat.com/errata/RHSA-2018:3507
CVE-2018-14650: It was discovered that sos-collector does not properly set the default permissions of newly…
Published: 2018-09-27T20:29:00 Last Modified: 2019-10-09T23:35:00
Summary
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legitimate user to run sos-collector and then stealing the collected data from the /var/tmp directory.
Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions
CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-14650 vulnerability.
References
- https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650
- https://access.redhat.com/errata/RHSA-2018:3663
CVE-2018-11763: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can…
Published: 2018-09-25T21:29:00 Last Modified: 2021-06-06T11:15:00
Summary
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming into effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-11763 vulnerability.
References
- https://httpd.apache.org/security/vulnerabilities_24.html
- http://www.securitytracker.com/id/1041713
- http://www.securityfocus.com/bid/105414
- https://usn.ubuntu.com/3783-1/
- https://access.redhat.com/errata/RHSA-2018:3558
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://security.netapp.com/advisory/ntap-20190204-0004/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us
- https://access.redhat.com/errata/RHSA-2019:0367
- https://access.redhat.com/errata/RHSA-2019:0366
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
- https://www.tenable.com/security/tns-2019-09
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
CVE-2018-14634: An integer overflow flaw was found in the Linux kernel’s create_elf_tables() function. An…
Published: 2018-09-25T21:29:00 Last Modified: 2021-07-20T15:15:00
Summary
An integer overflow flaw was found in the Linux kernel’s create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-14634 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2018/09/25/4
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634
- https://access.redhat.com/errata/RHSA-2018:2763
- https://access.redhat.com/errata/RHSA-2018:2748
- http://www.securityfocus.com/bid/105407
- https://www.exploit-db.com/exploits/45516/
- https://usn.ubuntu.com/3775-2/
- https://usn.ubuntu.com/3779-1/
- https://usn.ubuntu.com/3775-1/
- https://access.redhat.com/errata/RHSA-2018:2846
- https://access.redhat.com/errata/RHSA-2018:2933
- https://access.redhat.com/errata/RHSA-2018:2925
- https://access.redhat.com/errata/RHSA-2018:2924
- https://access.redhat.com/errata/RHSA-2018:3591
- https://access.redhat.com/errata/RHSA-2018:3590
- https://access.redhat.com/errata/RHSA-2018:3586
- https://access.redhat.com/errata/RHSA-2018:3540
- https://access.redhat.com/errata/RHSA-2018:3643
- https://security.netapp.com/advisory/ntap-20190204-0002/
- https://support.f5.com/csp/article/K20934447?utm_source=f5support&utm_medium=RSS
- https://security.paloaltonetworks.com/CVE-2018-14634
- http://www.openwall.com/lists/oss-security/2021/07/20/2
CVE-2018-6032: Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-13T15:00:00
Summary
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6032 vulnerability.
References
- https://crbug.com/787103
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6042: Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T18:38:00
Summary
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6042 vulnerability.
References
- https://crbug.com/773930
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6046: Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T15:39:00
Summary
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6046 vulnerability.
References
- https://crbug.com/798163
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6041: Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T18:40:00
Summary
Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6041 vulnerability.
References
- https://crbug.com/760342
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6033: Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-20T18:11:00
Summary
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6033 vulnerability.
References
- https://crbug.com/793620
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6052: Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-20T17:45:00
Summary
Lack of support for a non-standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that believed it had opted out of sending referrer data.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6052 vulnerability.
References
- https://crbug.com/615608
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6049: Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a…
Published: 2018-09-25T14:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6049 vulnerability.
References
- https://crbug.com/774438
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6040: Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6040 vulnerability.
References
- https://crbug.com/778658
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6054: Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-20T17:02:00
Summary
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6054 vulnerability.
References
- https://crbug.com/797511
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6051: XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T18:31:00
Summary
XSS Auditor in Google Chrome prior to 64.0.3282.119 did not ensure that the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6051 vulnerability.
References
- https://crbug.com/441275
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6031: Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-20T17:34:00
Summary
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6031 vulnerability.
References
- https://crbug.com/780450
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6039: Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T15:41:00
Summary
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6039 vulnerability.
References
- https://crbug.com/775527
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6037: Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T14:18:00
Summary
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6037 vulnerability.
References
- https://crbug.com/753645
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6034: Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-13T16:38:00
Summary
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out-of-bounds memory read via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6034 vulnerability.
References
- https://crbug.com/784183
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6048: Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-20T18:10:00
Summary
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6048 vulnerability.
References
- https://crbug.com/763194
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6038: Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T19:22:00
Summary
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out-of-bounds memory read via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6038 vulnerability.
References
- https://crbug.com/774174
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6036: Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T19:16:00
Summary
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6036 vulnerability.
References
- https://crbug.com/789952
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6047: Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-20T18:03:00
Summary
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak a user's redirect URL via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6047 vulnerability.
References
- https://crbug.com/799847
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6043: Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T18:13:00
Summary
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on the user's machine via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6043 vulnerability.
References
- https://crbug.com/785809
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6053: Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-20T17:36:00
Summary
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6053 vulnerability.
References
- https://crbug.com/758169
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6035: Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T14:22:00
Summary
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6035 vulnerability.
References
- https://crbug.com/797500
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6045: Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-15T14:12:00
Summary
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6045 vulnerability.
References
- https://crbug.com/797497
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-6050: Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote…
Published: 2018-09-25T14:29:00 Last Modified: 2018-11-20T17:46:00
Summary
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-6050 vulnerability.
References
- https://crbug.com/774842
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://www.debian.org/security/2018/dsa-4103
- https://access.redhat.com/errata/RHSA-2018:0265
- http://www.securitytracker.com/id/1040282
- http://www.securityfocus.com/bid/102797
CVE-2018-15967: Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability….
Published: 2018-09-25T13:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-15967 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-31.html
- https://access.redhat.com/errata/RHSA-2018:2707
- http://www.securitytracker.com/id/1041620
- http://www.securityfocus.com/bid/105315
CVE-2018-14647: Python’s elementtree C accelerator failed to initialise Expat’s hash salt during initialization….
Published: 2018-09-25T00:29:00 Last Modified: 2020-07-29T12:15:00
Summary
Python’s elementtree C accelerator failed to initialise Expat’s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat’s internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, and 2.7.0 through 2.7.15.
Common Weakness Enumeration (CWE): CWE-909: Missing Initialization of Resource
CWE Description: The software does not initialize a critical resource.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14647 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647
- https://bugs.python.org/issue34623
- http://www.securityfocus.com/bid/105396
- https://www.debian.org/security/2018/dsa-4306
- https://www.debian.org/security/2018/dsa-4307
- http://www.securitytracker.com/id/1041740
- https://usn.ubuntu.com/3817-1/
- https://usn.ubuntu.com/3817-2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/
- https://access.redhat.com/errata/RHSA-2019:1260
- https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
- https://access.redhat.com/errata/RHSA-2019:2030
- https://access.redhat.com/errata/RHSA-2019:3725
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in…
Published: 2018-09-25T00:29:00 Last Modified: 2020-10-15T13:28:00
Summary
A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel, in the way an authentication request from an iSCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target’s code was built (i.e. depending on the compiler, compile flags and hardware architecture), an attack may lead to a system crash and thus to a denial of service, or possibly to non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 8.5
- Exploitability Score: 8.6
- CVSS: 8.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14633 vulnerability.
References
- https://seclists.org/oss-sec/2018/q3/270
- https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe
- https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633
- http://www.securityfocus.com/bid/105388
- https://www.debian.org/security/2018/dsa-4308
- https://usn.ubuntu.com/3777-2/
- https://usn.ubuntu.com/3777-1/
- https://usn.ubuntu.com/3776-2/
- https://usn.ubuntu.com/3776-1/
- https://usn.ubuntu.com/3775-2/
- https://usn.ubuntu.com/3779-1/
- https://usn.ubuntu.com/3775-1/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
- https://usn.ubuntu.com/3777-3/
- https://access.redhat.com/errata/RHSA-2018:3666
- https://access.redhat.com/errata/RHSA-2018:3651
- https://access.redhat.com/errata/RHSA-2019:1946
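The flaw described above comes down to decoding an attacker-supplied hex string (the initiator's CHAP_R value) into a fixed-size MD5 digest buffer on the stack without first checking how long that string is. The C program below is an added example, not kernel code: it shows a CHAP_R decoder that rejects any response which is not exactly 32 hex digits before it writes into the 16-byte buffer, and a verify routine that compares the decoded digest in constant time. The function names (`chap_decode_response`, `chap_verify`), the expected digest and the sample responses are this example's own constructed values.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MD5_SIGNATURE_SIZE 16
#define CHAP_R_HEX_LEN     (MD5_SIGNATURE_SIZE * 2)

/* Decode one hex digit; -1 if the character is not [0-9a-fA-F]. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode the initiator's CHAP_R into out[MD5_SIGNATURE_SIZE].
 *
 * The unsafe pattern is to loop over strlen(chap_r) and store a byte
 * for every pair of digits: a response longer than 32 hex digits then
 * writes past the 16-byte buffer. Here the length is checked first,
 * so the loop can never write more than MD5_SIGNATURE_SIZE bytes.
 *
 * Returns 0 on success, -1 on malformed input (wrong length or a
 * non-hex character). Nothing is written to out on failure.
 */
int chap_decode_response(const char *chap_r, uint8_t out[MD5_SIGNATURE_SIZE])
{
    uint8_t tmp[MD5_SIGNATURE_SIZE];
    size_t i;

    if (strlen(chap_r) != CHAP_R_HEX_LEN)
        return -1;

    for (i = 0; i < MD5_SIGNATURE_SIZE; i++) {
        int hi = hexval(chap_r[2 * i]);
        int lo = hexval(chap_r[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        tmp[i] = (uint8_t)((hi << 4) | lo);
    }
    memcpy(out, tmp, MD5_SIGNATURE_SIZE);
    return 0;
}

/* Constant-time equality so the comparison does not leak the digest. */
static int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/*
 * Check an initiator response against the digest the server computed
 * itself. In real CHAP that digest is MD5(id || secret || challenge);
 * here it is passed in so the example stays self-contained.
 * Returns 1 if the response is well formed and matches, 0 otherwise.
 */
int chap_verify(const char *chap_r, const uint8_t expected[MD5_SIGNATURE_SIZE])
{
    uint8_t client_digest[MD5_SIGNATURE_SIZE];

    if (chap_decode_response(chap_r, client_digest) != 0)
        return 0;
    return ct_memeq(client_digest, expected, MD5_SIGNATURE_SIZE);
}

int main(void)
{
    /* Constructed sample: the server's expected digest and three responses. */
    const uint8_t expected[MD5_SIGNATURE_SIZE] = {
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
    };
    const char *good      = "00112233445566778899aabbccddeeff";
    const char *wrong     = "00112233445566778899aabbccddeef0";
    const char *oversized = "00112233445566778899aabbccddeeff0102030405060708090a0b0c0d0e0f1011";

    printf("good:      %d\n", chap_verify(good, expected));      /* 1 */
    printf("wrong:     %d\n", chap_verify(wrong, expected));     /* 0 */
    printf("oversized: %d\n", chap_verify(oversized, expected)); /* 0, rejected before any write */
    return 0;
}
```

The length check is the whole fix for the overflow class: once the input is known to be exactly 32 digits, the write index is bounded by the constant buffer size rather than by attacker-controlled data. Rejecting non-hex characters matters too, because a decoder that silently maps them to zero lets an attacker probe the digest one nibble at a time.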
CVE-2018-14645: A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An…
Published: 2018-09-21T13:29:00 Last Modified: 2019-07-23T08:15:00
Summary
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14645 vulnerability.
References
- https://www.mail-archive.com/haproxy@formilux.org/msg31253.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645
- https://usn.ubuntu.com/3780-1/
- https://access.redhat.com/errata/RHSA-2018:2882
- https://access.redhat.com/errata/RHBA-2019:0028
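The HAProxy bug above is an out-of-bounds read that occurs when an attacker-chosen header index is used before it has been fully checked against the HPACK tables. The C program below is an added example and is not HAProxy's code: it decodes the HPACK integer representation used for indexed header fields (RFC 7541, section 5.1) with guards against truncated and oversized input, then validates the index against the 61-entry static table plus the current number of dynamic-table entries before any table access. The function names (`hpack_decode_int`, `hpack_index_ok`, `hpack_parse_indexed`), the minimal `struct hpack_dht` and the sample bytes are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define HPACK_STATIC_ENTRIES 61u   /* RFC 7541, Appendix A */

/* Only the number of live entries matters for index validation here. */
struct hpack_dht {
    uint32_t used;   /* entries currently held in the dynamic table */
};

/*
 * Decode an HPACK integer with an N-bit prefix (RFC 7541, 5.1) from
 * buf[0..len). *consumed receives the number of bytes used.
 * Returns the value, or -1 on truncated input or a value that would
 * not fit in 32 bits (otherwise a peer can wrap the accumulator).
 */
int64_t hpack_decode_int(const uint8_t *buf, size_t len, unsigned prefix_bits,
                         size_t *consumed)
{
    uint32_t max_prefix;
    uint64_t value;
    unsigned shift = 0;
    size_t pos = 0;

    if (len == 0 || prefix_bits == 0 || prefix_bits > 8)
        return -1;
    max_prefix = (1u << prefix_bits) - 1;

    value = buf[pos++] & max_prefix;
    if (value < max_prefix) {
        *consumed = pos;
        return (int64_t)value;
    }

    /* Continuation bytes carry 7 value bits each; MSB set means more follow. */
    for (;;) {
        uint8_t b;
        if (pos >= len)
            return -1;              /* truncated */
        if (shift > 28)
            return -1;              /* a sixth byte cannot fit in 32 bits */
        b = buf[pos++];
        value += (uint64_t)(b & 0x7f) << shift;
        shift += 7;
        if (!(b & 0x80))
            break;
    }
    if (value > UINT32_MAX)
        return -1;
    *consumed = pos;
    return (int64_t)value;
}

/*
 * An index is addressable only if 1 <= idx <= 61 + dynamic entries.
 * Index 0 never names an entry, and anything past the dynamic table
 * would read outside it. idx is signed on purpose so a negative value
 * from a mis-typed caller is rejected instead of compared as unsigned.
 */
int hpack_index_ok(const struct hpack_dht *dht, int64_t idx)
{
    if (idx <= 0)
        return 0;
    if ((uint64_t)idx <= HPACK_STATIC_ENTRIES)
        return 1;
    return (uint64_t)idx - HPACK_STATIC_ENTRIES <= dht->used;
}

/*
 * Parse one "Indexed Header Field" (first bit set, 7-bit prefix) and
 * return the validated index, or -1 if malformed or out of range.
 */
int64_t hpack_parse_indexed(const struct hpack_dht *dht, const uint8_t *buf,
                            size_t len, size_t *consumed)
{
    int64_t idx;

    if (len == 0 || !(buf[0] & 0x80))
        return -1;
    idx = hpack_decode_int(buf, len, 7, consumed);
    if (idx < 0 || !hpack_index_ok(dht, idx))
        return -1;
    return idx;
}

int main(void)
{
    struct hpack_dht dht = { 3 };   /* three dynamic entries: indices 62..64 */
    size_t n = 0;
    /* Constructed samples: index 2 (":method: GET"), index 64 (last dynamic
     * entry), index 65 (one past the table), a two-byte 137, a truncated int. */
    const uint8_t ok_static[]  = { 0x82 };
    const uint8_t ok_dynamic[] = { 0xc0 };
    const uint8_t past_end[]   = { 0xc1 };
    const uint8_t big[]        = { 0xff, 0x0a };
    const uint8_t truncated[]  = { 0xff };

    printf("0x82      -> %lld\n", (long long)hpack_parse_indexed(&dht, ok_static, 1, &n));
    printf("0xc0      -> %lld\n", (long long)hpack_parse_indexed(&dht, ok_dynamic, 1, &n));
    printf("0xc1      -> %lld\n", (long long)hpack_parse_indexed(&dht, past_end, 1, &n));
    printf("0xff 0x0a -> %lld\n", (long long)hpack_parse_indexed(&dht, big, 2, &n));
    printf("0xff      -> %lld\n", (long long)hpack_parse_indexed(&dht, truncated, 1, &n));
    return 0;
}
```

The two checks that matter are separate: the integer decoder bounds the value it produces (no truncation read, no 32-bit wrap), and the index check bounds the table lookup relative to the table's current size, not its capacity. A decoder that gets either one wrong hands the table code an index it will happily dereference.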
CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be…
Published: 2018-09-19T15:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-17183 vulnerability.
References
- https://bugs.ghostscript.com/show_bug.cgi?id=699708
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
- https://lists.debian.org/debian-lts-announce/2018/09/msg00038.html
- https://usn.ubuntu.com/3773-1/
- https://access.redhat.com/errata/RHSA-2018:3834
CVE-2017-15705: A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2….
Published: 2018-09-17T14:29:00 Last Modified: 2018-12-16T11:29:00
Summary
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly, leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the “open” event is immediately followed by a “close” event, even if the tag does not close in the HTML being parsed. Because of this, we are missing the “text” event to deal with the object normally. This can cause carefully crafted emails to take more scan time than expected, leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed HTML. The exploit has been seen in the wild but is not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15705 vulnerability.
References
- https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E
- http://www.securityfocus.com/bid/105347
- https://access.redhat.com/errata/RHSA-2018:2916
- https://usn.ubuntu.com/3811-1/
- https://usn.ubuntu.com/3811-2/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
- https://security.gentoo.org/glsa/201812-07
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
CVE-2018-11781: Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
Published: 2018-09-17T14:29:00 Last Modified: 2019-08-06T21:15:00
Summary
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-11781 vulnerability.
References
- https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E
- https://access.redhat.com/errata/RHSA-2018:2916
- https://usn.ubuntu.com/3811-1/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
- https://usn.ubuntu.com/3811-3/
- https://security.gentoo.org/glsa/201812-07
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
CVE-2018-14638: A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in…
Published: 2018-09-14T19:29:00 Last Modified: 2019-10-09T23:35:00
Summary
A flaw was found in 389-ds-base before version 1.3.8.4-13. The ns-slapd process crashes in the delete_passwdPolicy function when persistent search connections are terminated unexpectedly, leading to a remote denial of service.
Common Weakness Enumeration (CWE): CWE-415: Double Free
CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14638 vulnerability.
References
- https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638
- https://access.redhat.com/errata/RHSA-2018:2757
CVE-2016-7056: A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user…
Published: 2018-09-10T16:29:00 Last Modified: 2019-10-09T23:19:00
Summary
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
Common Weakness Enumeration (CWE): CWE-320: Key Management Errors
CWE Description: Weaknesses in this category are related to errors in the management of cryptographic keys.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2016-7056 vulnerability.
References
- https://seclists.org/oss-sec/2017/q1/52
- https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008
- https://eprint.iacr.org/2016/1195
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056
- https://www.debian.org/security/2017/dsa-3773
- https://access.redhat.com/errata/RHSA-2017:1802
- https://access.redhat.com/errata/RHSA-2017:1801
- https://access.redhat.com/errata/RHSA-2017:1414
- https://access.redhat.com/errata/RHSA-2017:1413
- http://www.securitytracker.com/id/1037575
- http://www.securityfocus.com/bid/95375
- http://rhn.redhat.com/errata/RHSA-2017-1415.html
- https://security-tracker.debian.org/tracker/CVE-2016-7056
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html
- https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig
- https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig
CVE-2018-16802: An issue was discovered in Artifex Ghostscript before 9.25. Incorrect “restoration of privilege”…
Published: 2018-09-10T16:29:00 Last Modified: 2019-10-03T00:03:00
Summary
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect “restoration of privilege” checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the “pipe” instruction. This is due to an incomplete fix for CVE-2018-16509.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16802 vulnerability.
References
- https://seclists.org/oss-sec/2018/q3/229
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
- https://seclists.org/oss-sec/2018/q3/228
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://www.debian.org/security/2018/dsa-4294
- https://usn.ubuntu.com/3768-1/
- https://security.gentoo.org/glsa/201811-12
- https://access.redhat.com/errata/RHSA-2018:3834
CVE-2016-7035: An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its…
Published: 2018-09-10T16:29:00 Last Modified: 2019-10-09T23:19:00
Summary
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
Common Weakness Enumeration (CWE): CWE-285: Improper Authorization
CWE Description: The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2016-7035 vulnerability.
References
- https://lists.clusterlabs.org/pipermail/users/2016-November/004432.html
- https://github.com/ClusterLabs/pacemaker/commit/5d71e65049
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7035
- http://www.openwall.com/lists/oss-security/2016/11/03/5
- https://security.gentoo.org/glsa/201710-08
- http://www.securityfocus.com/bid/94214
- http://rhn.redhat.com/errata/RHSA-2016-2675.html
- http://rhn.redhat.com/errata/RHSA-2016-2614.html
CVE-2018-5391: The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of…
Published: 2018-09-06T21:29:00 Last Modified: 2019-03-21T16:00:00
Summary
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5391 vulnerability.
References
- https://www.kb.cert.org/vuls/id/641765
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
- https://www.debian.org/security/2018/dsa-4272
- https://usn.ubuntu.com/3742-2/
- https://usn.ubuntu.com/3742-1/
- https://usn.ubuntu.com/3741-2/
- https://usn.ubuntu.com/3741-1/
- https://usn.ubuntu.com/3740-2/
- https://usn.ubuntu.com/3740-1/
- https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
- http://www.securitytracker.com/id/1041476
- http://www.securityfocus.com/bid/105108
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
- http://www.securitytracker.com/id/1041637
- https://access.redhat.com/errata/RHSA-2018:2791
- https://access.redhat.com/errata/RHSA-2018:2785
- https://security.netapp.com/advisory/ntap-20181003-0002/
- https://access.redhat.com/errata/RHSA-2018:2846
- https://access.redhat.com/errata/RHSA-2018:2933
- https://access.redhat.com/errata/RHSA-2018:2925
- https://access.redhat.com/errata/RHSA-2018:2924
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3459
- https://access.redhat.com/errata/RHSA-2018:3590
- https://access.redhat.com/errata/RHSA-2018:3586
- https://access.redhat.com/errata/RHSA-2018:3540
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en
- https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf
CVE-2018-14624: A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16….
Published: 2018-09-06T14:29:00 Last Modified: 2019-05-15T21:29:00
Summary
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14624 vulnerability.
References
- https://pagure.io/389-ds-base/issue/49937
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624
- https://access.redhat.com/errata/RHSA-2018:2757
- https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html
CVE-2018-14618: curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The…
Published: 2018-09-05T19:29:00 Last Modified: 2019-04-22T17:48:00
Summary
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to be allocated instead of the intended very large one, so that use of that buffer results in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14618 vulnerability.
References
- https://curl.haxx.se/docs/CVE-2018-14618.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618
- https://www.debian.org/security/2018/dsa-4286
- http://www.securitytracker.com/id/1041605
- https://usn.ubuntu.com/3765-1/
- https://usn.ubuntu.com/3765-2/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014
- https://access.redhat.com/errata/RHSA-2018:3558
- https://security.gentoo.org/glsa/201903-03
- https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf
- https://access.redhat.com/errata/RHSA-2019:1880
CVE-2018-16542: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use…
Published: 2018-09-05T18:29:00 Last Modified: 2020-08-24T17:37:00
Summary
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16542 vulnerability.
References
- https://bugs.ghostscript.com/show_bug.cgi?id=699668
- http://seclists.org/oss-sec/2018/q3/182
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
- https://www.debian.org/security/2018/dsa-4288
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- http://www.securityfocus.com/bid/105337
- https://usn.ubuntu.com/3768-1/
- https://access.redhat.com/errata/RHSA-2018:2918
- https://security.gentoo.org/glsa/201811-12
CVE-2018-16540: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the…
Published: 2018-09-05T18:29:00 Last Modified: 2019-04-25T14:28:00
Summary
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the built-in PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16540 vulnerability.
References
- https://www.artifex.com/news/ghostscript-security-resolved/
- https://bugs.ghostscript.com/show_bug.cgi?id=699661
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
- https://www.debian.org/security/2018/dsa-4288
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://usn.ubuntu.com/3768-1/
- https://security.gentoo.org/glsa/201811-12
- https://access.redhat.com/errata/RHSA-2019:0229
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-16539: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use…
Published: 2018-09-05T18:29:00 Last Modified: 2019-03-07T15:57:00
Summary
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16539 vulnerability.
References
- https://www.artifex.com/news/ghostscript-security-resolved/
- https://bugs.ghostscript.com/show_bug.cgi?id=699658
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
- https://www.debian.org/security/2018/dsa-4288
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://usn.ubuntu.com/3768-1/
- https://security.gentoo.org/glsa/201811-12
- https://access.redhat.com/errata/RHSA-2018:3650
CVE-2018-16541: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use…
Published: 2018-09-05T18:29:00 Last Modified: 2019-03-07T16:06:00
Summary
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16541 vulnerability.
References
- https://www.artifex.com/news/ghostscript-security-resolved/
- https://bugs.ghostscript.com/show_bug.cgi?id=699664
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
- https://www.debian.org/security/2018/dsa-4288
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://usn.ubuntu.com/3768-1/
- https://security.gentoo.org/glsa/201811-12
- https://access.redhat.com/errata/RHSA-2018:3834
CVE-2018-16509: An issue was discovered in Artifex Ghostscript before 9.24. Incorrect “restoration of privilege”…
Published: 2018-09-05T06:29:00 Last Modified: 2019-10-03T00:03:00
Summary
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect “restoration of privilege” checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the “pipe” instruction.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2018-16509 vulnerability.
References
- https://www.artifex.com/news/ghostscript-security-resolved/
- http://seclists.org/oss-sec/2018/q3/142
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
- https://bugs.ghostscript.com/show_bug.cgi?id=699654
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764
- https://www.exploit-db.com/exploits/45369/
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://www.debian.org/security/2018/dsa-4294
- https://usn.ubuntu.com/3768-1/
- https://access.redhat.com/errata/RHSA-2018:2918
- http://www.securityfocus.com/bid/105122
- https://security.gentoo.org/glsa/201811-12
- https://access.redhat.com/errata/RHSA-2018:3760
CVE-2018-16511: An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in “ztype” could be…
Published: 2018-09-05T06:29:00 Last Modified: 2019-03-11T16:59:00
Summary
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in “ztype” could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16511 vulnerability.
References
- https://www.artifex.com/news/ghostscript-security-resolved/
- http://seclists.org/oss-sec/2018/q3/182
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01
- https://bugs.ghostscript.com/show_bug.cgi?id=699659
- https://www.debian.org/security/2018/dsa-4288
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://usn.ubuntu.com/3768-1/
- https://security.gentoo.org/glsa/201811-12
- https://access.redhat.com/errata/RHSA-2018:3650
CVE-2018-10930: A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated…
Published: 2018-09-04T16:29:00 Last Modified: 2021-12-10T19:41:00
Summary
A flaw was found in the handling of RPC requests using gfs3_rename_req in the glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10930 vulnerability.
References
- https://review.gluster.org/#/c/glusterfs/+/21068/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-10929: A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated…
Published: 2018-09-04T16:29:00 Last Modified: 2021-11-17T22:16:00
Summary
A flaw was found in the handling of RPC requests using gfs2_create_req in the glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10929 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10929
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:3470
- http://www.securityfocus.com/bid/107577
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-10928: A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink…
Published: 2018-09-04T15:29:00 Last Modified: 2021-11-17T22:16:00
Summary
A flaw was found in the handling of RPC requests using gfs3_symlink_req in the glusterfs server, which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)
CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10928 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10928
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-10926: A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An…
Published: 2018-09-04T15:29:00 Last Modified: 2021-11-17T22:16:00
Summary
A flaw was found in the handling of RPC requests using gfs3_mknod_req supported by the glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10926 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10926
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-10927: A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated…
Published: 2018-09-04T15:29:00 Last Modified: 2021-11-17T22:16:00
Summary
A flaw was found in the handling of RPC requests using gfs3_lookup_req in the glusterfs server. An authenticated attacker could use this flaw to leak information and cause a remote denial of service by crashing the gluster brick process.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10927 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10927
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-10911: A flaw was found in the way the dict_unserialize function of glusterfs does not handle negative key…
Published: 2018-09-04T14:29:00 Last Modified: 2021-11-17T22:16:00
Summary
A flaw was found in the way the dict_unserialize function of glusterfs handles key length values: it does not reject negative lengths. An attacker could use this flaw to read memory from other locations into the stored dict value.
Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data
CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10911 vulnerability.
References
- https://review.gluster.org/#/c/glusterfs/+/21067/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:2892
- https://access.redhat.com/errata/RHSA-2018:3242
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-10914: It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster…
Published: 2018-09-04T14:29:00 Last Modified: 2021-11-17T22:16:00
Summary
It was found that an attacker could issue an xattr request via glusterfs FUSE to cause the gluster brick process to crash, resulting in a remote denial of service. If gluster brick multiplexing is enabled, this will crash multiple bricks and gluster volumes at once.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10914 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10914
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-10923: It was found that the “mknod” call derived from mknod(2) can create files pointing to devices on…
Published: 2018-09-04T14:29:00 Last Modified: 2021-11-17T22:16:00
Summary
It was found that the “mknod” call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10923 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-10913: An information disclosure vulnerability was discovered in glusterfs server. An attacker could…
Published: 2018-09-04T14:29:00 Last Modified: 2021-11-17T22:16:00
Summary
An information disclosure vulnerability was discovered in the glusterfs server. An attacker could issue an xattr request via glusterfs FUSE to determine whether any given file exists.
Common Weakness Enumeration (CWE): CWE-209: Generation of Error Message Containing Sensitive Information
CWE Description: The software generates an error message that includes sensitive information about its environment, users, or associated data.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10913 vulnerability.
References
- https://review.gluster.org/#/c/glusterfs/+/21071/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
CVE-2018-10907: It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to…
Published: 2018-09-04T13:29:00 Last Modified: 2021-12-16T18:49:00
Summary
It was found that the glusterfs server is vulnerable to multiple stack-based buffer overflows because functions in server-rpc-fops.c allocate fixed-size buffers with ‘alloca(3)’. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size, causing a crash or potentially code execution.
Common Weakness Enumeration (CWE): CWE-121: Stack-based Buffer Overflow
CWE Description: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10907 vulnerability.
References
- https://review.gluster.org/#/c/glusterfs/+/21070/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
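Both CVE-2018-10911 (a negative key length accepted by the dict unserializer) and CVE-2018-10907 (attacker-sized alloca buffers in the server RPC handlers) are the same mistake seen twice: a length field from the wire is trusted before it sizes a copy. The parser below is an added illustration, not glusterfs code. The record layout (int32 count, then keylen/key/vallen/value pairs), the MAX_KEY_LEN cap and the sample records are all constructed for this example. Each length is rejected if negative, if larger than the bytes actually remaining, or if over a fixed cap, and the key lands in a fixed-size buffer instead of an alloca() sized by the peer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_KEY_LEN 255   /* cap chosen for this example; a fixed bound replaces alloca(attacker_len) */
#define MAX_ENTRIES 64

struct entry {
    char key[MAX_KEY_LEN + 1];   /* fixed-size, so no attacker-sized stack allocation */
    const uint8_t *val;          /* points into the input buffer, already bounds-checked */
    uint32_t vallen;
};

/* Big-endian int32 read; the wire format treats lengths as signed, which is where the bug lives. */
static int32_t rd_i32(const uint8_t *p)
{
    uint32_t u = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return (int32_t)u;
}

/*
 * Hypothetical record layout (not glusterfs' real one):
 *   int32 count, then count x { int32 keylen, key bytes, int32 vallen, value bytes }
 * Returns the number of entries parsed, or -1 if the record is malformed.
 *
 * The vulnerable shape is a check like `if (keylen > remaining) fail;` on a signed
 * length: keylen == -1 passes, and memcpy(dst, src, keylen) then receives (size_t)-1,
 * reading far past the record. Every length below is tested for < 0 first, then against
 * the bytes actually left, then against a fixed cap before it sizes any copy.
 */
int dict_unserialize_checked(const uint8_t *buf, size_t buflen,
                             struct entry *out, size_t max_out)
{
    size_t off = 0;
    if (buflen < 4)
        return -1;
    int32_t count = rd_i32(buf);
    off += 4;
    if (count < 0 || (size_t)count > max_out)
        return -1;

    for (int32_t i = 0; i < count; i++) {
        if (buflen - off < 4)
            return -1;
        int32_t klen = rd_i32(buf + off);
        off += 4;
        if (klen < 0 || klen > MAX_KEY_LEN || (size_t)klen > buflen - off)
            return -1;
        memcpy(out[i].key, buf + off, (size_t)klen);
        out[i].key[klen] = '\0';
        off += (size_t)klen;

        if (buflen - off < 4)
            return -1;
        int32_t vlen = rd_i32(buf + off);
        off += 4;
        if (vlen < 0 || (size_t)vlen > buflen - off)
            return -1;
        out[i].val = buf + off;
        out[i].vallen = (uint32_t)vlen;
        off += (size_t)vlen;
    }
    return (int)count;
}

/* Constructed sample records for this example (not captured from any real server). */
const uint8_t GOOD_REC[] = {
    0, 0, 0, 1,                       /* count = 1 */
    0, 0, 0, 4, 'u', 's', 'e', 'r',   /* keylen = 4 */
    0, 0, 0, 3, 'b', 'o', 'b'         /* vallen = 3 */
};
const uint8_t NEG_KEYLEN_REC[] = {
    0, 0, 0, 1,
    0xff, 0xff, 0xff, 0xff, 'u', 's', 'e', 'r',   /* keylen = -1 */
    0, 0, 0, 3, 'b', 'o', 'b'
};
const uint8_t OVERLONG_REC[] = {
    0, 0, 0, 1,
    0, 0, 0, 64, 'u', 's', 'e', 'r'               /* keylen = 64 but only 4 bytes follow */
};

int main(void)
{
    struct entry e[MAX_ENTRIES];
    printf("good:     %d\n", dict_unserialize_checked(GOOD_REC, sizeof GOOD_REC, e, MAX_ENTRIES));
    printf("negative: %d\n", dict_unserialize_checked(NEG_KEYLEN_REC, sizeof NEG_KEYLEN_REC, e, MAX_ENTRIES));
    printf("overlong: %d\n", dict_unserialize_checked(OVERLONG_REC, sizeof OVERLONG_REC, e, MAX_ENTRIES));
    return 0;
}
```

The order of the three tests on each length matters: the sign test must come before the comparison against the remaining bytes, because once a negative int32 is cast to size_t it is larger than any buffer and a single unsigned comparison would already have caught it, but a signed comparison against an int remaining count would not.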
CVE-2018-10904: It was found that glusterfs server does not properly sanitize file paths in the “trusted.io-…
Published: 2018-09-04T13:29:00 Last Modified: 2021-11-17T22:16:00
Summary
It was found that the glusterfs server does not properly sanitize file paths in the “trusted.io-stats-dump” extended attribute, which is used by the “debug/io-stats” translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would need sufficient access to modify the extended attributes of files on a gluster volume.
Common Weakness Enumeration (CWE): CWE-426: Untrusted Search Path
CWE Description: The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application’s direct control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10904 vulnerability.
References
- https://review.gluster.org/#/c/glusterfs/+/21072/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:2607
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:3470
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
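The io-stats flaw above is a classic untrusted-path sink: a value that a volume user controls (the xattr) ends up as the destination of a file write on the server. The code below is an added example of confining such a value, not gluster's fix. It treats the xattr value strictly as a file name under an operator-fixed directory (DUMP_DIR is an assumption here), rejects separators and dot entries, and creates the file with O_EXCL and O_NOFOLLOW so that neither an existing file nor a planted symlink can redirect the write.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef NAME_MAX
#define NAME_MAX 255
#endif
#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Operator-chosen dump directory; an assumption for this example, not gluster's setting. */
#define DUMP_DIR "/var/run/gluster-dumps"

/* Accept the xattr value only as a single file name, never as a path:
 * non-empty, bounded length, no '/', not "." or "..". Returns 0 when acceptable. */
int valid_dump_name(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return -1;
    if (strnlen(name, NAME_MAX + 1) > NAME_MAX)
        return -1;
    if (strchr(name, '/') != NULL)
        return -1;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return -1;
    return 0;
}

/* Join the validated name under the fixed directory. Returns 0 on success,
 * -1 if the name is rejected or the result would not fit in out. */
int build_dump_path(const char *dir, const char *name, char *out, size_t outlen)
{
    if (valid_dump_name(name) != 0)
        return -1;
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

/* Create the dump file relative to an already-open directory descriptor.
 * O_EXCL refuses to clobber an existing file, O_NOFOLLOW refuses a planted symlink,
 * and mode 0600 keeps the dump private. Returns the new fd, or -1. */
int open_dump_file(int dirfd, const char *name)
{
    if (valid_dump_name(name) != 0)
        return -1;
    return openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

int main(void)
{
    /* Values a volume user might place in the xattr, constructed for this example. */
    const char *names[] = { "io-stats.dump", "../escape", "sub/dir", "..", "" };
    char path[PATH_MAX];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = build_dump_path(DUMP_DIR, names[i], path, sizeof path);
        printf("%-16s -> %s\n", names[i], rc == 0 ? path : "rejected");
    }

    /* Exercise the openat() path in a scratch directory. */
    char tmpl[] = "/tmp/dumpdemoXXXXXX";
    char *dir = mkdtemp(tmpl);
    if (dir != NULL) {
        int dfd = open(dir, O_RDONLY | O_DIRECTORY);
        int fd = open_dump_file(dfd, "io-stats.dump");
        int again = open_dump_file(dfd, "io-stats.dump");
        printf("first create: %s, second create: %s\n",
               fd >= 0 ? "ok" : "failed", again >= 0 ? "ok" : "refused (O_EXCL)");
        if (fd >= 0)
            close(fd);
        unlinkat(dfd, "io-stats.dump", 0);
        close(dfd);
        rmdir(dir);
    }
    return 0;
}
```

Rejecting the separator outright is deliberate: normalising "a/../b" style input is error-prone, and a dump file has no legitimate reason to name a subdirectory.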
CVE-2018-16435: Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the…
Published: 2018-09-04T00:29:00 Last Modified: 2021-05-26T11:15:00
Summary
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16435 vulnerability.
References
- https://github.com/mm2/Little-CMS/issues/171
- https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
- https://www.debian.org/security/2018/dsa-4284
- https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html
- https://usn.ubuntu.com/3770-2/
- https://usn.ubuntu.com/3770-1/
- https://access.redhat.com/errata/RHSA-2018:3004
- https://security.gentoo.org/glsa/202105-18
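The Little CMS bug above is the standard shape of a heap overflow born from integer arithmetic: two counts parsed from the file are multiplied to size an allocation, the product wraps, and the per-cell writes that follow trust the original counts. The code below is an added example of the hardened pattern, not Little CMS code; the table structure, the MAX_CELLS cap and the sample dimensions are assumptions made for the example. naive_cell_count shows the wrapping arithmetic beside checked_table_bytes, which refuses any product that does not fit, and every later write is bounds-checked against the dimensions the buffer was actually sized for.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Policy cap on cells, independent of wraparound; this example assumes no legitimate
 * measurement table needs more than 16M cells. */
#define MAX_CELLS ((size_t)1 << 24)

/* The bug pattern: counts parsed from the file are multiplied in 32-bit arithmetic and the
 * result sizes the allocation. 0x10000 * 0x10000 wraps to 0, so the buffer is tiny while
 * the later per-cell writes still trust the original counts. */
uint32_t naive_cell_count(uint32_t nsamples, uint32_t nfields)
{
    return nsamples * nfields;
}

/* a * b without wraparound; false if the product does not fit in size_t. */
static bool mul_nowrap(size_t a, size_t b, size_t *r)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *r = a * b;
    return true;
}

/* Byte size of an nsamples x nfields table of elem-byte cells; false on overflow or cap. */
bool checked_table_bytes(uint32_t nsamples, uint32_t nfields, size_t elem, size_t *bytes)
{
    size_t cells;
    if (!mul_nowrap((size_t)nsamples, (size_t)nfields, &cells))
        return false;
    if (cells == 0 || cells > MAX_CELLS)
        return false;
    return mul_nowrap(cells, elem, bytes);
}

struct table {
    uint32_t rows, cols;
    const char **cells;
};

struct table *table_new(uint32_t rows, uint32_t cols)
{
    size_t bytes;
    if (!checked_table_bytes(rows, cols, sizeof(const char *), &bytes))
        return NULL;
    struct table *t = calloc(1, sizeof *t);
    if (t == NULL)
        return NULL;
    t->cells = calloc(1, bytes);
    if (t->cells == NULL) {
        free(t);
        return NULL;
    }
    t->rows = rows;
    t->cols = cols;
    return t;
}

/* Every write is checked against the dimensions the allocation was sized for. */
int table_set(struct table *t, uint32_t row, uint32_t col, const char *value)
{
    if (t == NULL || row >= t->rows || col >= t->cols)
        return -1;
    t->cells[(size_t)row * t->cols + col] = value;
    return 0;
}

const char *table_get(const struct table *t, uint32_t row, uint32_t col)
{
    if (t == NULL || row >= t->rows || col >= t->cols)
        return NULL;
    return t->cells[(size_t)row * t->cols + col];
}

void table_free(struct table *t)
{
    if (t != NULL) {
        free(t->cells);
        free(t);
    }
}

int main(void)
{
    size_t bytes;
    printf("naive 0x10000 x 0x10000 cells: %u\n", naive_cell_count(0x10000, 0x10000));
    printf("checked 0x10000 x 0x10000: %s\n",
           checked_table_bytes(0x10000, 0x10000, sizeof(const char *), &bytes) ? "ok" : "rejected");
    struct table *t = table_new(3, 2);
    printf("set (2,1): %d, set (3,0): %d\n", table_set(t, 2, 1, "x"), table_set(t, 3, 0, "y"));
    table_free(t);
    return 0;
}
```

The policy cap is there because a checked multiply alone only proves the product fits in size_t; a file that asks for a few gigabytes of cells is still an allocation denial of service.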
CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double…
Published: 2018-09-03T19:29:00 Last Modified: 2021-11-30T22:13:00
Summary
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
Common Weakness Enumeration (CWE): CWE-415: Double Free
CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16402 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=23528
- https://usn.ubuntu.com/4012-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
- https://access.redhat.com/errata/RHSA-2019:2197
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
CVE-2018-10936: A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL…
Published: 2018-08-30T13:29:00 Last Modified: 2020-10-15T13:28:00
Summary
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
Common Weakness Enumeration (CWE): CWE-297: Improper Validation of Certificate with Host Mismatch
CWE Description: The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10936 vulnerability.
References
- https://www.postgresql.org/about/news/1883/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936
- http://www.securityfocus.com/bid/105220
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
CVE-2018-14622: A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The…
Published: 2018-08-30T13:29:00 Last Modified: 2020-12-04T18:15:00
Summary
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
Common Weakness Enumeration (CWE): CWE-252: Unchecked Return Value
CWE Description: The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14622 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622
- https://bugzilla.novell.com/show_bug.cgi?id=968175
- http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
- https://access.redhat.com/errata/RHBA-2017:1991
- https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html
- https://usn.ubuntu.com/3759-2/
- https://usn.ubuntu.com/3759-1/
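What makes the libtirpc bug above reachable from the network is that descriptor exhaustion is an error path the server only hits under load, so an unchecked makefd_xprt() result sits harmlessly until a client floods it with connections. The program below is an added example, not libtirpc code: makefd_xprt_demo is a stand-in that fails the way the real function can, rendezvous_accept is the checked accept path, and demo_exhaustion reproduces the trigger by lowering RLIMIT_NOFILE and filling the descriptor table with /dev/null handles (an assumption that /dev/null exists and setrlimit is permitted) before feeding the resulting failure through the handler.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

struct svc_xprt {
    int fd;
};

/* Stand-in for libtirpc's makefd_xprt() written for this example: it returns NULL when
 * the descriptor is unusable or memory is exhausted. The CVE is callers dereferencing
 * that NULL instead of checking it. */
struct svc_xprt *makefd_xprt_demo(int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return NULL;
    struct svc_xprt *x = calloc(1, sizeof *x);
    if (x != NULL)
        x->fd = fd;
    return x;
}

/* Hardened rendezvous: newfd is what accept() returned (or -1, with errno set).
 * Returns 0 with *out set, -2 when the process is out of descriptors (back off, do not
 * retry in a tight loop), -3 when the transport could not be built, -1 otherwise. */
int rendezvous_accept(int newfd, struct svc_xprt **out)
{
    *out = NULL;
    if (newfd < 0)
        return (errno == EMFILE || errno == ENFILE) ? -2 : -1;
    struct svc_xprt *x = makefd_xprt_demo(newfd);
    if (x == NULL) {           /* the check that was missing */
        close(newfd);
        return -3;
    }
    *out = x;
    return 0;
}

/* Reproduce the trigger: lower RLIMIT_NOFILE, fill the table with /dev/null handles until
 * the kernel refuses more, then feed the failure through the hardened path.
 * Returns 0 if the flood was handled without touching a NULL transport. */
int demo_exhaustion(void)
{
    struct rlimit old, lim;
    if (getrlimit(RLIMIT_NOFILE, &old) != 0)
        return -1;
    lim = old;
    lim.rlim_cur = old.rlim_max < 32 ? old.rlim_max : 32;
    if (setrlimit(RLIMIT_NOFILE, &lim) != 0)
        return -1;

    int held[32];
    int n = 0;
    while (n < 32) {
        int fd = open("/dev/null", O_RDONLY);
        if (fd < 0)
            break;
        held[n++] = fd;
    }
    int fd = open("/dev/null", O_RDONLY);   /* the "accept" that fails: -1, errno == EMFILE */
    int err = errno;
    struct svc_xprt *x = NULL;
    int rc = rendezvous_accept(fd, &x);     /* unchecked code would now read x->fd and crash */

    for (int i = 0; i < n; i++)
        close(held[i]);
    setrlimit(RLIMIT_NOFILE, &old);
    return (fd == -1 && err == EMFILE && rc == -2 && x == NULL) ? 0 : -1;
}

int main(void)
{
    printf("flood handled cleanly: %s\n", demo_exhaustion() == 0 ? "yes" : "no");
    return 0;
}
```

Returning a distinct code for EMFILE/ENFILE matters operationally: a server that treats it like any other accept() failure and immediately retries spins at 100% CPU for as long as the flood lasts, which is a second denial of service on top of the one the flaw already causes.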
CVE-2018-12824: Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful…
Published: 2018-08-29T13:29:00 Last Modified: 2018-10-29T20:23:00
Summary
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12824 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-25.html
- https://access.redhat.com/errata/RHSA-2018:2435
- http://www.securitytracker.com/id/1041448
- http://www.securityfocus.com/bid/105066
CVE-2018-12825: Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful…
Published: 2018-08-29T13:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12825 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-25.html
- https://access.redhat.com/errata/RHSA-2018:2435
- http://www.securitytracker.com/id/1041448
- http://www.securityfocus.com/bid/105070
CVE-2018-12826: Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful…
Published: 2018-08-29T13:29:00 Last Modified: 2018-10-30T14:59:00
Summary
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12826 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-25.html
- https://access.redhat.com/errata/RHSA-2018:2435
- http://www.securitytracker.com/id/1041448
- http://www.securityfocus.com/bid/105066
CVE-2018-12827: Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful…
Published: 2018-08-29T13:29:00 Last Modified: 2018-10-30T14:54:00
Summary
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code for conducting penetration testing against the CVE-2018-12827 vulnerability is available (see the Exploit-DB reference below).
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-25.html
- https://www.exploit-db.com/exploits/45268/
- https://access.redhat.com/errata/RHSA-2018:2435
- http://www.securitytracker.com/id/1041448
- http://www.securityfocus.com/bid/105066
CVE-2018-12828: Adobe Flash Player 30.0.0.134 and earlier have a “use of a component with a known vulnerability”…
Published: 2018-08-29T13:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Adobe Flash Player 30.0.0.134 and earlier have a “use of a component with a known vulnerability” vulnerability. Successful exploitation could lead to privilege escalation.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12828 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-25.html
- https://access.redhat.com/errata/RHSA-2018:2435
- http://www.securitytracker.com/id/1041448
- http://www.securityfocus.com/bid/105071
CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote…
Published: 2018-08-29T03:29:00 Last Modified: 2021-11-30T21:58:00
Summary
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-16062 vulnerability.
References
- https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
- https://sourceware.org/bugzilla/show_bug.cgi?id=23541
- https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
- https://usn.ubuntu.com/4012-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
- https://access.redhat.com/errata/RHSA-2019:2197
- https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
CVE-2017-15398: A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89…
Published: 2018-08-28T20:29:00 Last Modified: 2018-11-07T18:32:00
Summary
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15398 vulnerability.
References
- https://crbug.com/777728
- https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4024
- https://security.gentoo.org/glsa/201711-02
- https://access.redhat.com/errata/RHSA-2017:3151
- http://www.securityfocus.com/bid/101692
CVE-2017-15396: A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for…
Published: 2018-08-28T20:29:00 Last Modified: 2018-11-07T19:33:00
Summary
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15396 vulnerability.
References
- https://crbug.com/770452
- https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html
- http://bugs.icu-project.org/trac/changeset/40494
- https://www.debian.org/security/2017/dsa-4020
- https://security.gentoo.org/glsa/201711-02
- https://access.redhat.com/errata/RHSA-2017:3082
- http://www.securityfocus.com/bid/101597
CVE-2017-15399: A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to…
Published: 2018-08-28T20:29:00 Last Modified: 2018-11-07T19:22:00
Summary
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15399 vulnerability.
References
- https://crbug.com/776677
- https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4024
- https://security.gentoo.org/glsa/201711-02
- https://access.redhat.com/errata/RHSA-2017:3151
- http://www.securityfocus.com/bid/101692
CVE-2017-15429: Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to…
Published: 2018-08-28T20:29:00 Last Modified: 2018-11-07T19:02:00
Summary
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15429 vulnerability.
References
- https://crbug.com/788453
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html
- https://www.debian.org/security/2018/dsa-4103
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3479
- http://www.securityfocus.com/bid/102196
CVE-2017-15407: Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a…
Published: 2018-08-28T19:29:00 Last Modified: 2018-11-20T18:13:00
Summary
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15407 vulnerability.
References
- https://crbug.com/778505
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15413: Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote…
Published: 2018-08-28T19:29:00 Last Modified: 2018-10-25T01:59:00
Summary
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15413 vulnerability.
References
- https://crbug.com/766666
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15410: Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to…
Published: 2018-08-28T19:29:00 Last Modified: 2018-10-30T16:48:00
Summary
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15410 vulnerability.
References
- https://crbug.com/765921
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15417: Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to…
Published: 2018-08-28T19:29:00 Last Modified: 2018-11-07T18:01:00
Summary
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15417 vulnerability.
References
- https://crbug.com/699028
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15415: Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker…
Published: 2018-08-28T19:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15415 vulnerability.
References
- https://crbug.com/765512
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15420: Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to…
Published: 2018-08-28T19:29:00 Last Modified: 2019-01-09T19:29:00
Summary
Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15420 vulnerability.
References
- https://crbug.com/777419
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4103
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
- http://www.securitytracker.com/id/1040282
CVE-2017-15411: Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to…
Published: 2018-08-28T19:29:00 Last Modified: 2018-10-30T16:48:00
Summary
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15411 vulnerability.
References
- https://crbug.com/770148
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15424: Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a…
Published: 2018-08-28T19:29:00 Last Modified: 2018-10-30T16:47:00
Summary
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15424 vulnerability.
References
- https://crbug.com/756226
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15427: Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a…
Published: 2018-08-28T19:29:00 Last Modified: 2018-11-02T17:34:00
Summary
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15427 vulnerability.
References
- https://crbug.com/768910
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15409: Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to…
Published: 2018-08-28T19:29:00 Last Modified: 2018-10-31T15:59:00
Summary
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15409 vulnerability.
References
- https://crbug.com/763972
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15408: Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker…
Published: 2018-08-28T19:29:00 Last Modified: 2018-10-31T16:00:00
Summary
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15408 vulnerability.
References
- https://crbug.com/762374
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15416: Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker…
Published: 2018-08-28T19:29:00 Last Modified: 2018-11-07T17:51:00
Summary
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15416 vulnerability.
References
- https://crbug.com/779314
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15423: Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a…
Published: 2018-08-28T19:29:00 Last Modified: 2018-11-02T17:37:00
Summary
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.
Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues
CWE Description: Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15423 vulnerability.
References
- https://crbug.com/778101
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15425: Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a…
Published: 2018-08-28T19:29:00 Last Modified: 2018-10-30T16:47:00
Summary
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15425 vulnerability.
References
- https://crbug.com/756456
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15418: Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote…
Published: 2018-08-28T19:29:00 Last Modified: 2018-10-24T14:30:00
Summary
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15418 vulnerability.
References
- https://crbug.com/765858
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15426: Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a…
Published: 2018-08-28T19:29:00 Last Modified: 2018-10-30T16:47:00
Summary
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15426 vulnerability.
References
- https://crbug.com/756735
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15419: Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84…
Published: 2018-08-28T19:29:00 Last Modified: 2018-11-07T14:55:00
Summary
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
CWE Description: A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15419 vulnerability.
References
- https://crbug.com/780312
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2017/dsa-4064
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15412: Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other…
Published: 2018-08-28T19:29:00 Last Modified: 2018-10-25T11:35:00
Summary
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15412 vulnerability.
References
- https://crbug.com/727039
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://bugzilla.gnome.org/show_bug.cgi?id=783160
- https://www.debian.org/security/2018/dsa-4086
- https://security.gentoo.org/glsa/201801-03
- https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:0287
- https://access.redhat.com/errata/RHSA-2017:3401
- http://www.securitytracker.com/id/1040348
CVE-2017-15422: Integer overflow in international date handling in International Components for Unicode (ICU) for…
Published: 2018-08-28T19:29:00 Last Modified: 2018-11-07T17:54:00
Summary
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15422 vulnerability.
References
- https://crbug.com/774382
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://www.debian.org/security/2018/dsa-4150
- https://usn.ubuntu.com/3610-1/
- https://security.gentoo.org/glsa/201801-03
- https://access.redhat.com/errata/RHSA-2017:3401
CVE-2018-15911: In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could…
Published: 2018-08-28T04:29:00 Last Modified: 2020-08-24T17:37:00
Summary
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
Common Weakness Enumeration (CWE): CWE-908: Use of Uninitialized Resource
CWE Description: The software uses or accesses a resource that has not been initialized.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-15911 vulnerability.
References
- https://www.kb.cert.org/vuls/id/332928
- https://bugs.ghostscript.com/show_bug.cgi?id=699665
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
- https://www.debian.org/security/2018/dsa-4288
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://usn.ubuntu.com/3768-1/
- http://www.securityfocus.com/bid/105122
- https://security.gentoo.org/glsa/201811-12
- https://access.redhat.com/errata/RHSA-2018:3834
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
- https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS
CVE-2018-15908: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript…
Published: 2018-08-27T17:29:00 Last Modified: 2019-10-03T00:03:00
Summary
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-15908 vulnerability.
References
- https://www.kb.cert.org/vuls/id/332928
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
- https://www.debian.org/security/2018/dsa-4288
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://usn.ubuntu.com/3768-1/
- https://security.gentoo.org/glsa/201811-12
- https://access.redhat.com/errata/RHSA-2018:3650
CVE-2018-15909: In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could…
Published: 2018-08-27T17:29:00 Last Modified: 2019-10-16T23:15:00
Summary
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-15909 vulnerability.
References
- https://www.kb.cert.org/vuls/id/332928
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
- http://www.securityfocus.com/bid/105178
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://usn.ubuntu.com/3768-1/
- https://security.gentoo.org/glsa/201811-12
- https://access.redhat.com/errata/RHSA-2018:3650
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
- https://support.f5.com/csp/article/K24803507?utm_source=f5support&utm_medium=RSS
CVE-2018-15910: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a…
Published: 2018-08-27T17:29:00 Last Modified: 2019-11-05T21:15:00
Summary
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-15910 vulnerability.
References
- https://www.kb.cert.org/vuls/id/332928
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
- https://bugs.ghostscript.com/show_bug.cgi?id=699656
- https://www.debian.org/security/2018/dsa-4288
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://usn.ubuntu.com/3768-1/
- https://access.redhat.com/errata/RHSA-2018:2918
- http://www.securityfocus.com/bid/105122
- https://security.gentoo.org/glsa/201811-12
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
- https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS
CVE-2011-2767: mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a…
Published: 2018-08-26T16:29:00 Last Modified: 2019-09-24T18:15:00
Summary
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator’s control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2011-2767 vulnerability.
References
- https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E
- https://bugs.debian.org/644169
- https://lists.debian.org/debian-lts-announce/2018/09/msg00018.html
- https://access.redhat.com/errata/RHSA-2018:2737
- https://access.redhat.com/errata/RHSA-2018:2826
- https://access.redhat.com/errata/RHSA-2018:2825
- http://www.securityfocus.com/bid/105195
- https://usn.ubuntu.com/3825-1/
- https://usn.ubuntu.com/3825-2/
- https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d@%3Cmodperl-cvs.perl.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html
CVE-2018-10858: A heap-buffer overflow was found in the way samba clients processed extra long filename in a…
Published: 2018-08-22T17:29:00 Last Modified: 2019-06-26T08:15:00
Summary
A heap-buffer overflow was found in the way Samba clients processed an extra-long filename in a directory listing. A malicious Samba server could use this flaw to cause arbitrary code execution on a Samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10858 vulnerability.
References
- https://www.samba.org/samba/security/CVE-2018-10858.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858
- https://www.debian.org/security/2018/dsa-4271
- https://usn.ubuntu.com/3738-1/
- https://security.netapp.com/advisory/ntap-20180814-0001/
- http://www.securityfocus.com/bid/105085
- https://access.redhat.com/errata/RHSA-2018:2613
- https://access.redhat.com/errata/RHSA-2018:2612
- https://access.redhat.com/errata/RHSA-2018:3056
- https://access.redhat.com/errata/RHSA-2018:3470
- http://www.securitytracker.com/id/1042002
- https://kc.mcafee.com/corporate/index?page=content&id=SB10284
- https://security.gentoo.org/glsa/202003-52
CVE-2018-1139: A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1…
Published: 2018-08-22T14:29:00 Last Modified: 2019-10-09T23:38:00
Summary
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials
CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1139 vulnerability.
References
- https://www.samba.org/samba/security/CVE-2018-1139.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1139
- https://usn.ubuntu.com/3738-1/
- https://security.netapp.com/advisory/ntap-20180814-0001/
- http://www.securityfocus.com/bid/105084
- https://access.redhat.com/errata/RHSA-2018:2613
- https://access.redhat.com/errata/RHSA-2018:2612
- https://access.redhat.com/errata/RHSA-2018:3056
- https://security.gentoo.org/glsa/202003-52
CVE-2018-10845: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen…
Published: 2018-08-22T13:29:00 Last Modified: 2020-10-22T13:18:00
Summary
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10845 vulnerability.
References
- https://gitlab.com/gnutls/gnutls/merge_requests/657
- https://eprint.iacr.org/2018/747
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845
- http://www.securityfocus.com/bid/105138
- https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html
- https://access.redhat.com/errata/RHSA-2018:3050
- https://access.redhat.com/errata/RHSA-2018:3505
- https://usn.ubuntu.com/3999-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
CVE-2018-10846: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM…
Published: 2018-08-22T13:29:00 Last Modified: 2020-10-22T13:19:00
Summary
A cache-based side channel was found in the GnuTLS implementation that leads to plaintext recovery in a cross-VM attack setting. An attacker could combine a “Just in Time” Prime+Probe attack with the Lucky-13 attack to recover plaintext using crafted packets.
Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10846 vulnerability.
References
- https://gitlab.com/gnutls/gnutls/merge_requests/657
- https://eprint.iacr.org/2018/747
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846
- http://www.securityfocus.com/bid/105138
- https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html
- https://access.redhat.com/errata/RHSA-2018:3050
- https://access.redhat.com/errata/RHSA-2018:3505
- https://usn.ubuntu.com/3999-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
CVE-2018-10844: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen…
Published: 2018-08-22T13:29:00 Last Modified: 2020-10-22T13:11:00
Summary
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky Thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10844 vulnerability.
References
- https://gitlab.com/gnutls/gnutls/merge_requests/657
- https://eprint.iacr.org/2018/747
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844
- http://www.securityfocus.com/bid/105138
- https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html
- https://access.redhat.com/errata/RHSA-2018:3050
- https://access.redhat.com/errata/RHSA-2018:3505
- https://usn.ubuntu.com/3999-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
CVE-2018-10902: It was found that the raw midi kernel driver does not protect against concurrent access which…
Published: 2018-08-21T19:29:00 Last Modified: 2019-10-09T23:33:00
Summary
It was found that the raw MIDI kernel driver does not protect against concurrent access, which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), both part of the snd_rawmidi_ioctl() handler in rawmidi.c. A malicious local attacker could possibly use this for privilege escalation.
Common Weakness Enumeration (CWE): CWE-415: Double Free
CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10902 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902
- http://www.securitytracker.com/id/1041529
- http://www.securityfocus.com/bid/105119
- https://www.debian.org/security/2018/dsa-4308
- https://usn.ubuntu.com/3776-2/
- https://usn.ubuntu.com/3776-1/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://usn.ubuntu.com/3849-2/
- https://usn.ubuntu.com/3847-3/
- https://usn.ubuntu.com/3847-2/
- https://usn.ubuntu.com/3847-1/
- https://usn.ubuntu.com/3849-1/
- https://access.redhat.com/errata/RHSA-2019:0415
- https://access.redhat.com/errata/RHSA-2019:0641
- https://access.redhat.com/errata/RHSA-2019:3217
- https://access.redhat.com/errata/RHSA-2019:3967
CVE-2015-5160: libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block…
Published: 2018-08-20T21:29:00 Last Modified: 2020-10-15T13:28:00
Summary
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2015-5160 vulnerability.
References
- https://wiki.openstack.org/wiki/OSSN/OSSN-0079
- https://bugzilla.redhat.com/show_bug.cgi?id=1245647
- https://bugs.launchpad.net/ossn/+bug/1686743
- http://www.openwall.com/lists/oss-security/2017/07/21/3
- http://rhn.redhat.com/errata/RHSA-2016-2577.html
CVE-2018-1517: A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow…
Published: 2018-08-20T21:29:00 Last Modified: 2019-10-09T23:38:00
Summary
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1517 vulnerability.
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/141681
- http://www.ibm.com/support/docview.wss?uid=ibm10719653
- http://www.securityfocus.com/bid/105117
- https://access.redhat.com/errata/RHSA-2018:2569
- https://access.redhat.com/errata/RHSA-2018:2568
- https://access.redhat.com/errata/RHSA-2018:2576
- https://access.redhat.com/errata/RHSA-2018:2575
- https://access.redhat.com/errata/RHSA-2018:2713
- https://access.redhat.com/errata/RHSA-2018:2712
CVE-2018-1656: The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java…
Published: 2018-08-20T21:29:00 Last Modified: 2019-10-09T23:38:00
Summary
The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1656 vulnerability.
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144882
- http://www.ibm.com/support/docview.wss?uid=ibm10719653
- http://www.securityfocus.com/bid/105118
- https://access.redhat.com/errata/RHSA-2018:2569
- https://access.redhat.com/errata/RHSA-2018:2568
- https://access.redhat.com/errata/RHSA-2018:2576
- https://access.redhat.com/errata/RHSA-2018:2575
- https://access.redhat.com/errata/RHSA-2018:2713
- https://access.redhat.com/errata/RHSA-2018:2712
- http://www.securitytracker.com/id/1041765
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
CVE-2018-15473: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for…
Published: 2018-08-17T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 3)
Code designed for conducting penetration testing on CVE-2018-15473 vulnerability.
- OpenSSH < 7.7 - User Enumeration (2) by Leap Security at 2018-12-04
- OpenSSH 2.3 < 7.7 - Username Enumeration by Justin Gardner at 2018-08-21
- OpenSSH 2.3 < 7.7 - Username Enumeration (PoC) by Matthew Daley at 2018-08-16
References
- https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
- https://bugs.debian.org/906236
- http://www.openwall.com/lists/oss-security/2018/08/15/5
- http://www.securitytracker.com/id/1041487
- https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html
- https://www.exploit-db.com/exploits/45233/
- https://www.exploit-db.com/exploits/45210/
- https://www.debian.org/security/2018/dsa-4280
- http://www.securityfocus.com/bid/105140
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
- https://security.gentoo.org/glsa/201810-03
- https://security.netapp.com/advisory/ntap-20181101-0001/
- https://usn.ubuntu.com/3809-1/
- https://www.exploit-db.com/exploits/45939/
- https://access.redhat.com/errata/RHSA-2019:0711
- https://access.redhat.com/errata/RHSA-2019:2143
- https://www.oracle.com/security-alerts/cpujan2020.html
CVE-2018-10873: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for…
Published: 2018-08-17T12:29:00 Last Modified: 2019-10-09T23:33:00
Summary
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10873 vulnerability.
References
- https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873
- https://usn.ubuntu.com/3751-1/
- http://www.securityfocus.com/bid/105152
- https://lists.debian.org/debian-lts-announce/2018/08/msg00038.html
- https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html
- https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html
- https://access.redhat.com/errata/RHSA-2018:2732
- https://access.redhat.com/errata/RHSA-2018:2731
- https://www.debian.org/security/2018/dsa-4319
- https://access.redhat.com/errata/RHSA-2018:3470
CVE-2018-10915: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to…
Published: 2018-08-09T20:29:00 Last Modified: 2021-08-04T17:14:00
Summary
A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with “host” or “hostaddr” connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher-privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 6.8
- CVSS: 6.0
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10915 vulnerability.
References
- https://www.postgresql.org/about/news/1878/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10915
- https://www.debian.org/security/2018/dsa-4269
- http://www.securityfocus.com/bid/105054
- https://lists.debian.org/debian-lts-announce/2018/08/msg00012.html
- http://www.securitytracker.com/id/1041446
- https://usn.ubuntu.com/3744-1/
- https://access.redhat.com/errata/RHSA-2018:2511
- https://access.redhat.com/errata/RHSA-2018:2557
- https://access.redhat.com/errata/RHSA-2018:2566
- https://access.redhat.com/errata/RHSA-2018:2565
- https://access.redhat.com/errata/RHSA-2018:2643
- https://access.redhat.com/errata/RHSA-2018:2721
- https://access.redhat.com/errata/RHSA-2018:2729
- https://security.gentoo.org/glsa/201810-08
- https://access.redhat.com/errata/RHSA-2018:3816
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue()…
Published: 2018-08-06T20:29:00 Last Modified: 2020-09-18T16:14:00
Summary
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5390 vulnerability.
References
- https://www.kb.cert.org/vuls/id/962459
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
- https://www.synology.com/support/security/Synology_SA_18_41
- https://www.debian.org/security/2018/dsa-4266
- https://usn.ubuntu.com/3732-2/
- https://usn.ubuntu.com/3732-1/
- http://www.securitytracker.com/id/1041424
- http://www.securityfocus.com/bid/104976
- http://www.securitytracker.com/id/1041434
- https://usn.ubuntu.com/3742-2/
- https://usn.ubuntu.com/3742-1/
- https://usn.ubuntu.com/3741-1/
- https://access.redhat.com/errata/RHSA-2018:2395
- https://access.redhat.com/errata/RHSA-2018:2384
- https://security.netapp.com/advisory/ntap-20180815-0003/
- https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
- https://access.redhat.com/errata/RHSA-2018:2403
- https://access.redhat.com/errata/RHSA-2018:2402
- https://usn.ubuntu.com/3741-2/
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
- https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp
- https://support.f5.com/csp/article/K95343321
- https://access.redhat.com/errata/RHSA-2018:2645
- https://usn.ubuntu.com/3763-1/
- https://access.redhat.com/errata/RHSA-2018:2791
- https://access.redhat.com/errata/RHSA-2018:2790
- https://access.redhat.com/errata/RHSA-2018:2789
- https://access.redhat.com/errata/RHSA-2018:2785
- https://access.redhat.com/errata/RHSA-2018:2776
- https://access.redhat.com/errata/RHSA-2018:2933
- https://access.redhat.com/errata/RHSA-2018:2924
- https://access.redhat.com/errata/RHSA-2018:2948
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- https://support.f5.com/csp/article/K95343321?utm_source=f5support&utm_medium=RSS
- https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an…
Published: 2018-08-02T14:29:00 Last Modified: 2020-04-15T21:15:00
Summary
Improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a denial of service. Versions affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1336 vulnerability.
References
- http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E
- https://usn.ubuntu.com/3723-1/
- http://www.securitytracker.com/id/1041375
- http://www.securityfocus.com/bid/104898
- https://access.redhat.com/errata/RHEA-2018:2189
- https://access.redhat.com/errata/RHEA-2018:2188
- https://security.netapp.com/advisory/ntap-20180817-0001/
- https://www.debian.org/security/2018/dsa-4281
- https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html
- https://access.redhat.com/errata/RHSA-2018:2701
- https://access.redhat.com/errata/RHSA-2018:2700
- https://access.redhat.com/errata/RHSA-2018:2743
- https://access.redhat.com/errata/RHSA-2018:2742
- https://access.redhat.com/errata/RHSA-2018:2741
- https://access.redhat.com/errata/RHSA-2018:2740
- https://access.redhat.com/errata/RHSA-2018:2930
- https://access.redhat.com/errata/RHSA-2018:2921
- https://access.redhat.com/errata/RHSA-2018:2945
- https://access.redhat.com/errata/RHSA-2018:2939
- https://access.redhat.com/errata/RHSA-2018:3768
- https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
- https://support.f5.com/csp/article/K73008537?utm_source=f5support&utm_medium=RSS
- https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2020.html
CVE-2015-9262: _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause…
Published: 2018-08-01T23:29:00 Last Modified: 2019-04-16T19:08:00
Summary
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause a denial of service or potentially execute code via a one-byte heap overflow.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2015-9262 vulnerability.
References
- https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05
- https://bugs.freedesktop.org/show_bug.cgi?id=90857
- https://usn.ubuntu.com/3729-1/
- https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html
- https://access.redhat.com/errata/RHSA-2018:3059
- https://access.redhat.com/errata/RHSA-2018:3505
CVE-2018-10897: A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to…
Published: 2018-08-01T17:29:00 Last Modified: 2021-09-09T12:42:00
Summary
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Versions 1.1.31 and older are believed to be affected.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10897 vulnerability.
References
- https://github.com/rpm-software-management/yum-utils/pull/43
- https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
- https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897
- https://access.redhat.com/errata/RHSA-2018:2285
- https://access.redhat.com/errata/RHSA-2018:2284
- https://access.redhat.com/errata/RHSA-2018:2626
- http://www.securitytracker.com/id/1041594
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
CVE-2016-9583: An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper…
Published: 2018-08-01T17:29:00 Last Modified: 2019-10-09T23:20:00
Summary
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9583 vulnerability.
References
- https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3d
- https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7d
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583
- https://access.redhat.com/errata/RHSA-2017:1208
- http://www.securityfocus.com/bid/94925
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
CVE-2016-8654: A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being…
Published: 2018-08-01T16:29:00 Last Modified: 2019-10-09T23:20:00
Summary
A heap-buffer overflow vulnerability was found in the QMFB code of the JPC codec, caused by a buffer being allocated with too small a size. jasper versions before 2.0.0 are affected.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-8654 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654
- https://github.com/mdadams/jasper/issues/94
- https://github.com/mdadams/jasper/issues/93
- https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a
- https://www.debian.org/security/2017/dsa-3785
- https://access.redhat.com/errata/RHSA-2017:1208
- http://www.securityfocus.com/bid/94583
CVE-2016-9579: A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the…
Published: 2018-08-01T16:29:00 Last Modified: 2019-10-09T23:20:00
Summary
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9579 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579
- http://tracker.ceph.com/issues/18187
- http://www.securityfocus.com/bid/94936
- http://rhn.redhat.com/errata/RHSA-2016-2995.html
- http://rhn.redhat.com/errata/RHSA-2016-2994.html
- http://rhn.redhat.com/errata/RHSA-2016-2956.html
- http://rhn.redhat.com/errata/RHSA-2016-2954.html
CVE-2016-8635: It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to…
Published: 2018-08-01T13:29:00 Last Modified: 2019-10-09T23:20:00
Summary
It was found that the Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group.
Common Weakness Enumeration (CWE): CWE-320: Key Management Errors
CWE Description: Weaknesses in this category are related to errors in the management of cryptographic keys.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-8635 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635
- https://security.gentoo.org/glsa/201701-46
- http://www.securityfocus.com/bid/94346
- http://rhn.redhat.com/errata/RHSA-2016-2779.html
CVE-2016-9573: An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool….
Published: 2018-08-01T06:29:00 Last Modified: 2020-09-09T19:57:00
Summary
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9573 vulnerability.
References
- https://github.com/uclouvain/openjpeg/issues/862
- https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
- https://www.debian.org/security/2017/dsa-3768
- https://security.gentoo.org/glsa/201710-26
- http://www.securityfocus.com/bid/97073
- http://rhn.redhat.com/errata/RHSA-2017-0838.html
CVE-2016-8626: A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object…
Published: 2018-07-31T19:29:00 Last Modified: 2019-10-09T23:20:00
Summary
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.0
- CVSS: 6.8
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-8626 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626
- http://tracker.ceph.com/issues/17635
- http://www.securityfocus.com/bid/94488
- http://rhn.redhat.com/errata/RHSA-2016-2848.html
- http://rhn.redhat.com/errata/RHSA-2016-2847.html
- http://rhn.redhat.com/errata/RHSA-2016-2816.html
- http://rhn.redhat.com/errata/RHSA-2016-2815.html
CVE-2018-10883: A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause an out-of-bounds…
Published: 2018-07-30T16:29:00 Last Modified: 2019-10-09T23:33:00
Summary
A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10883 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
- https://usn.ubuntu.com/3871-1/
- https://usn.ubuntu.com/3879-2/
- https://usn.ubuntu.com/3879-1/
- https://usn.ubuntu.com/3871-4/
- https://usn.ubuntu.com/3871-3/
- https://usn.ubuntu.com/3871-5/
- https://support.f5.com/csp/article/K94735334?utm_source=f5support&utm_medium=RSS
CVE-2017-7518: A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the…
Published: 2018-07-30T15:29:00 Last Modified: 2019-10-09T23:29:00
Summary
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
Common Weakness Enumeration (CWE): CWE-755: Improper Handling of Exceptional Conditions
CWE Description: The software does not handle or incorrectly handles an exceptional condition.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2017-7518 vulnerability.
References
- https://www.spinics.net/lists/kvm/msg151817.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518
- https://access.redhat.com/articles/3290921
- http://www.openwall.com/lists/oss-security/2017/06/23/5
- https://www.debian.org/security/2017/dsa-3981
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3619-1/
- https://access.redhat.com/errata/RHSA-2018:0412
- https://access.redhat.com/errata/RHSA-2018:0395
- http://www.securitytracker.com/id/1038782
- http://www.securityfocus.com/bid/99263
- https://usn.ubuntu.com/3754-1/
CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank…
Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00
Summary
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14680 vulnerability.
References
- https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
- https://bugs.debian.org/904801
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- https://usn.ubuntu.com/3728-1/
- https://www.debian.org/security/2018/dsa-4260
- https://usn.ubuntu.com/3728-3/
- http://www.securitytracker.com/id/1041410
- https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html
- https://usn.ubuntu.com/3728-2/
- https://usn.ubuntu.com/3789-2/
- https://access.redhat.com/errata/RHSA-2018:3327
- https://access.redhat.com/errata/RHSA-2018:3505
- https://security.gentoo.org/glsa/201903-20
CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad…
Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00
Summary
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14681 vulnerability.
References
- https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
- https://bugs.debian.org/904799
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- https://usn.ubuntu.com/3728-1/
- https://www.debian.org/security/2018/dsa-4260
- https://usn.ubuntu.com/3728-3/
- http://www.securitytracker.com/id/1041410
- https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html
- https://usn.ubuntu.com/3728-2/
- https://usn.ubuntu.com/3789-2/
- https://access.redhat.com/errata/RHSA-2018:3327
- https://access.redhat.com/errata/RHSA-2018:3505
- https://security.gentoo.org/glsa/201903-20
CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one…
Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00
Summary
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
Common Weakness Enumeration (CWE): CWE-193: Off-by-one Error
CWE Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14682 vulnerability.
References
- https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
- https://bugs.debian.org/904800
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- https://usn.ubuntu.com/3728-1/
- https://www.debian.org/security/2018/dsa-4260
- https://usn.ubuntu.com/3728-3/
- http://www.securitytracker.com/id/1041410
- https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html
- https://usn.ubuntu.com/3728-2/
- https://usn.ubuntu.com/3789-2/
- https://access.redhat.com/errata/RHSA-2018:3327
- https://access.redhat.com/errata/RHSA-2018:3505
- https://security.gentoo.org/glsa/201903-20
CVE-2018-14679: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one…
Published: 2018-07-28T23:29:00 Last Modified: 2021-04-26T11:45:00
Summary
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Common Weakness Enumeration (CWE): CWE-193: Off-by-one Error
CWE Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14679 vulnerability.
References
- https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
- https://bugs.debian.org/904802
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- https://usn.ubuntu.com/3728-1/
- https://www.debian.org/security/2018/dsa-4260
- https://usn.ubuntu.com/3728-3/
- http://www.securitytracker.com/id/1041410
- https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html
- https://usn.ubuntu.com/3728-2/
- https://usn.ubuntu.com/3789-2/
- https://access.redhat.com/errata/RHSA-2018:3327
- https://access.redhat.com/errata/RHSA-2018:3505
- https://security.gentoo.org/glsa/201903-20
CVE-2017-15118: A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before…
Published: 2018-07-27T21:29:00 Last Modified: 2019-10-09T23:24:00
Summary
A stack-based buffer overflow vulnerability was found in the NBD server implementation in qemu before 2.11, allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If the NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2017-15118 vulnerability.
References
- https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118
- http://www.openwall.com/lists/oss-security/2017/11/28/8
- https://www.exploit-db.com/exploits/43194/
- https://usn.ubuntu.com/3575-1/
- https://access.redhat.com/errata/RHSA-2018:1104
- http://www.securityfocus.com/bid/101975
CVE-2016-9578: A vulnerability was discovered in SPICE before 0.13.90 in the server’s protocol handling. An…
Published: 2018-07-27T21:29:00 Last Modified: 2019-10-09T23:20:00
Summary
A vulnerability was discovered in SPICE before 0.13.90 in the server’s protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9578 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578
- https://www.debian.org/security/2017/dsa-3790
- https://access.redhat.com/errata/RHSA-2017:0552
- https://access.redhat.com/errata/RHSA-2017:0254
- http://www.securityfocus.com/bid/96118
- http://rhn.redhat.com/errata/RHSA-2017-0549.html
- http://rhn.redhat.com/errata/RHSA-2017-0253.html
CVE-2016-9603: A heap buffer overflow flaw was found in QEMU’s Cirrus CLGD 54xx VGA emulator’s VNC display…
Published: 2018-07-27T21:29:00 Last Modified: 2021-08-04T17:15:00
Summary
A heap buffer overflow flaw was found in QEMU’s Cirrus CLGD 54xx VGA emulator’s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.0
- CVSS: 9.0
- CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9603 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603
- https://support.citrix.com/article/CTX221578
- https://security.gentoo.org/glsa/201706-03
- https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
- https://access.redhat.com/errata/RHSA-2017:1441
- https://access.redhat.com/errata/RHSA-2017:1206
- https://access.redhat.com/errata/RHSA-2017:1205
- https://access.redhat.com/errata/RHSA-2017:0988
- https://access.redhat.com/errata/RHSA-2017:0987
- https://access.redhat.com/errata/RHSA-2017:0985
- https://access.redhat.com/errata/RHSA-2017:0984
- https://access.redhat.com/errata/RHSA-2017:0983
- https://access.redhat.com/errata/RHSA-2017:0982
- https://access.redhat.com/errata/RHSA-2017:0981
- https://access.redhat.com/errata/RHSA-2017:0980
- http://www.securitytracker.com/id/1038023
- http://www.securityfocus.com/bid/96893
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
CVE-2017-15101: A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of…
Published: 2018-07-27T20:29:00 Last Modified: 2019-10-09T23:24:00
Summary
A missing patch for a stack-based buffer overflow in findTable() was found in the Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-15101 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101
- https://access.redhat.com/errata/RHSA-2017:3384
CVE-2017-15097: Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An…
Published: 2018-07-27T20:29:00 Last Modified: 2019-10-09T23:24:00
Summary
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)
CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2017-15097 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097
- https://access.redhat.com/errata/RHSA-2017:3405
- https://access.redhat.com/errata/RHSA-2017:3404
- https://access.redhat.com/errata/RHSA-2017:3403
- https://access.redhat.com/errata/RHSA-2017:3402
- http://www.securitytracker.com/id/1039983
CVE-2016-9577: A vulnerability was discovered in SPICE before 0.13.90 in the server’s protocol handling. An…
Published: 2018-07-27T20:29:00 Last Modified: 2019-10-09T23:20:00
Summary
A vulnerability was discovered in SPICE before 0.13.90 in the server’s protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9577 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577
- https://www.debian.org/security/2017/dsa-3790
- https://access.redhat.com/errata/RHSA-2017:0552
- https://access.redhat.com/errata/RHSA-2017:0254
- http://www.securityfocus.com/bid/96040
- http://rhn.redhat.com/errata/RHSA-2017-0549.html
- http://rhn.redhat.com/errata/RHSA-2017-0253.html
CVE-2017-2618: A flaw was found in the Linux kernel’s handling of clearing SELinux attributes on /proc/pid/attr…
Published: 2018-07-27T19:29:00 Last Modified: 2019-10-09T23:26:00
Summary
A flaw was found in the Linux kernel’s handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
Common Weakness Enumeration (CWE): CWE-682: Incorrect Calculation
CWE Description: The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2017-2618 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618
- https://marc.info/?l=selinux&m=148588165923772&w=2
- https://www.debian.org/security/2017/dsa-3791
- https://access.redhat.com/errata/RHSA-2017:0933
- https://access.redhat.com/errata/RHSA-2017:0932
- https://access.redhat.com/errata/RHSA-2017:0931
- http://www.securityfocus.com/bid/96272
CVE-2017-2626: It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local…
Published: 2018-07-27T19:29:00 Last Modified: 2019-07-14T21:15:00
Summary
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
Common Weakness Enumeration (CWE): CWE-331: Insufficient Entropy
CWE Description: The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2017-2626 vulnerability.
References
- https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
- https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626
- https://security.gentoo.org/glsa/201704-03
- https://access.redhat.com/errata/RHSA-2017:1865
- http://www.securitytracker.com/id/1037919
- http://www.securityfocus.com/bid/96480
- http://www.openwall.com/lists/oss-security/2019/07/14/3
- https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html
CVE-2017-2634: It was found that the Linux kernel’s Datagram Congestion Control Protocol (DCCP) implementation…
Published: 2018-07-27T19:29:00 Last Modified: 2019-10-09T23:26:00
Summary
It was found that the Linux kernel’s Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 10.0
- CVSS: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-2634 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634
- http://www.securitytracker.com/id/1037909
- http://www.securityfocus.com/bid/96529
- http://rhn.redhat.com/errata/RHSA-2017-0347.html
- http://rhn.redhat.com/errata/RHSA-2017-0346.html
- http://rhn.redhat.com/errata/RHSA-2017-0323.html
CVE-2017-2620: Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is…
Published: 2018-07-27T19:29:00 Last Modified: 2021-08-04T17:15:00
Summary
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside a guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with the privileges of the QEMU process.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.0
- CVSS: 9.0
- CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-2620 vulnerability.
References
- https://xenbits.xen.org/xsa/advisory-209.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620
- http://www.openwall.com/lists/oss-security/2017/02/21/1
- https://support.citrix.com/article/CTX220771
- https://security.gentoo.org/glsa/201704-01
- https://security.gentoo.org/glsa/201703-07
- https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
- http://www.securitytracker.com/id/1037870
- http://www.securityfocus.com/bid/96378
- http://rhn.redhat.com/errata/RHSA-2017-0454.html
- http://rhn.redhat.com/errata/RHSA-2017-0396.html
- http://rhn.redhat.com/errata/RHSA-2017-0352.html
- http://rhn.redhat.com/errata/RHSA-2017-0351.html
- http://rhn.redhat.com/errata/RHSA-2017-0350.html
- http://rhn.redhat.com/errata/RHSA-2017-0334.html
- http://rhn.redhat.com/errata/RHSA-2017-0333.html
- http://rhn.redhat.com/errata/RHSA-2017-0332.html
- http://rhn.redhat.com/errata/RHSA-2017-0331.html
- http://rhn.redhat.com/errata/RHSA-2017-0330.html
- http://rhn.redhat.com/errata/RHSA-2017-0329.html
- http://rhn.redhat.com/errata/RHSA-2017-0328.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
CVE-2017-2633: An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC…
Published: 2018-07-27T19:29:00 Last Modified: 2019-10-09T23:26:00
Summary
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the ‘vnc_refresh_server_surface’. A user inside a guest could use this flaw to crash the QEMU process.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-2633 vulnerability.
References
- https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef
- https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633
- http://www.openwall.com/lists/oss-security/2017/02/23/1
- https://access.redhat.com/errata/RHSA-2017:1856
- https://access.redhat.com/errata/RHSA-2017:1441
- https://access.redhat.com/errata/RHSA-2017:1206
- https://access.redhat.com/errata/RHSA-2017:1205
- http://www.securityfocus.com/bid/96417
CVE-2017-2616: A race condition was found in util-linux before 2.32.1 in the way su handled the management of…
Published: 2018-07-27T19:29:00 Last Modified: 2019-10-09T23:26:00
Summary
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2017-2616 vulnerability.
References
- https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616
- https://www.debian.org/security/2017/dsa-3793
- https://security.gentoo.org/glsa/201706-02
- https://access.redhat.com/errata/RHSA-2017:0907
- http://www.securitytracker.com/id/1038271
- http://www.securityfocus.com/bid/96404
- http://rhn.redhat.com/errata/RHSA-2017-0654.html
CVE-2018-10882: A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause an out-of-bound…
Published: 2018-07-27T18:29:00 Last Modified: 2019-10-09T23:33:00
Summary
A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause an out-of-bounds write in the fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10882 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882
- https://bugzilla.kernel.org/show_bug.cgi?id=200069
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://usn.ubuntu.com/3753-2/
- https://usn.ubuntu.com/3753-1/
- https://access.redhat.com/errata/RHSA-2018:2948
- http://www.securityfocus.com/bid/106503
- https://usn.ubuntu.com/3871-1/
- https://usn.ubuntu.com/3871-4/
- https://usn.ubuntu.com/3871-3/
- https://usn.ubuntu.com/3871-5/
CVE-2017-2590: A vulnerability was found in ipa before 4.4. IdM’s ca-del, ca-disable, and ca-enable commands did…
Published: 2018-07-27T18:29:00 Last Modified: 2019-10-09T23:26:00
Summary
A vulnerability was found in ipa before 4.4. IdM’s ca-del, ca-disable, and ca-enable commands did not properly check the user’s permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.
Common Weakness Enumeration (CWE): CWE-275: Permission Issues
CWE Description: This category has been deprecated. It was originally intended as a “catch-all” for environment issues for technologies that did not have their own CWE, but it introduced unnecessary depth and complexity to the Development View (CWE-699).
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-2590 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590
- http://www.securityfocus.com/bid/96557
- http://rhn.redhat.com/errata/RHSA-2017-0388.html
CVE-2017-2623: It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG…
Published: 2018-07-27T18:29:00 Last Modified: 2019-10-09T23:26:00
Summary
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-2623 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2623
- https://access.redhat.com/errata/RHSA-2017:0444
- http://www.securityfocus.com/bid/96558
CVE-2017-2625: It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session…
Published: 2018-07-27T18:29:00 Last Modified: 2019-10-09T23:26:00
Summary
It was discovered that libXdmcp versions up to and including 1.1.2 used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users’ sessions.
Common Weakness Enumeration (CWE): CWE-320: Key Management Errors
CWE Description: Weaknesses in this category are related to errors in the management of cryptographic keys.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2017-2625 vulnerability.
References
- https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625
- https://security.gentoo.org/glsa/201704-03
- https://access.redhat.com/errata/RHSA-2017:1865
- http://www.securitytracker.com/id/1037919
- http://www.securityfocus.com/bid/96480
- https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f
- https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html
CVE-2017-2640: An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A…
Published: 2018-07-27T18:29:00 Last Modified: 2019-10-09T23:27:00
Summary
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-2640 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2640
- https://www.debian.org/security/2017/dsa-3806
- https://security.gentoo.org/glsa/201706-10
- https://access.redhat.com/errata/RHSA-2017:1854
- http://www.securityfocus.com/bid/96775
CVE-2017-12173: It was found that sssd’s sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize…
Published: 2018-07-27T16:29:00 Last Modified: 2019-10-09T23:22:00
Summary
It was found that sssd’s sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-12173 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173
- https://access.redhat.com/errata/RHSA-2018:1877
- https://access.redhat.com/errata/RHSA-2017:3379
CVE-2017-12151: A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used…
Published: 2018-07-27T12:29:00 Last Modified: 2019-10-09T23:22:00
Summary
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues
CWE Description: Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality of data if they are not addressed.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-12151 vulnerability.
References
- https://www.samba.org/samba/security/CVE-2017-12151.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151
- https://www.debian.org/security/2017/dsa-3983
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://security.netapp.com/advisory/ntap-20170921-0001/
- https://access.redhat.com/errata/RHSA-2017:2858
- https://access.redhat.com/errata/RHSA-2017:2790
- http://www.securitytracker.com/id/1039401
- http://www.securityfocus.com/bid/100917
CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before…
Published: 2018-07-26T19:29:00 Last Modified: 2020-10-15T13:28:00
Summary
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn’t properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2017-18344 vulnerability.
References
- https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
- http://www.securityfocus.com/bid/104909
- http://www.securitytracker.com/id/1041414
- https://www.exploit-db.com/exploits/45175/
- https://usn.ubuntu.com/3742-2/
- https://usn.ubuntu.com/3742-1/
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3459
- https://access.redhat.com/errata/RHSA-2018:3591
- https://access.redhat.com/errata/RHSA-2018:3590
- https://access.redhat.com/errata/RHSA-2018:3586
- https://access.redhat.com/errata/RHSA-2018:3540
CVE-2018-10879: A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause a use-after-free…
Published: 2018-07-26T18:29:00 Last Modified: 2019-10-09T23:33:00
Summary
A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause a use-after-free in the ext4_xattr_set_entry function, and a denial of service or unspecified other impact may occur, by renaming a file in a crafted ext4 filesystem image.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 8.5
- Exploitability Score: 3.9
- CVSS: 6.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10879 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879
- https://bugzilla.kernel.org/show_bug.cgi?id=200001
- http://patchwork.ozlabs.org/patch/928667/
- http://patchwork.ozlabs.org/patch/928666/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- http://www.securityfocus.com/bid/104902
- https://usn.ubuntu.com/3753-2/
- https://usn.ubuntu.com/3753-1/
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
- https://usn.ubuntu.com/3871-1/
- https://usn.ubuntu.com/3871-4/
- https://usn.ubuntu.com/3871-3/
- https://usn.ubuntu.com/3871-5/
CVE-2017-12150: It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not…
Published: 2018-07-26T18:29:00 Last Modified: 2019-10-09T23:22:00
Summary
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce “SMB signing” when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-12150 vulnerability.
References
- https://www.samba.org/samba/security/CVE-2017-12150.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150
- https://www.debian.org/security/2017/dsa-3983
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://security.netapp.com/advisory/ntap-20170921-0001/
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us
- https://access.redhat.com/errata/RHSA-2017:2858
- https://access.redhat.com/errata/RHSA-2017:2791
- https://access.redhat.com/errata/RHSA-2017:2790
- https://access.redhat.com/errata/RHSA-2017:2789
- http://www.securitytracker.com/id/1039401
- http://www.securityfocus.com/bid/100918
CVE-2018-10881: A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause an out-of-bound…
Published: 2018-07-26T18:29:00 Last Modified: 2019-10-09T23:33:00
Summary
A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause an out-of-bounds access in the ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10881 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881
- https://bugzilla.kernel.org/show_bug.cgi?id=200015
- http://patchwork.ozlabs.org/patch/929792/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- http://www.securityfocus.com/bid/104901
- https://usn.ubuntu.com/3754-1/
- https://usn.ubuntu.com/3753-2/
- https://usn.ubuntu.com/3753-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-3/
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
CVE-2018-10878: A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause an out-of-bounds…
Published: 2018-07-26T18:29:00 Last Modified: 2019-10-09T23:33:00
Summary
A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause an out-of-bounds write, and a denial of service or unspecified other impact is possible, by mounting and operating on a crafted ext4 filesystem image.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 8.5
- Exploitability Score: 3.9
- CVSS: 6.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10878 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878
- https://bugzilla.kernel.org/show_bug.cgi?id=199865
- http://patchwork.ozlabs.org/patch/929238/
- http://patchwork.ozlabs.org/patch/929237/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://usn.ubuntu.com/3753-2/
- https://usn.ubuntu.com/3753-1/
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
- https://usn.ubuntu.com/3871-1/
- https://usn.ubuntu.com/3871-4/
- https://usn.ubuntu.com/3871-3/
- https://usn.ubuntu.com/3871-5/
CVE-2017-12171: A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing…
Published: 2018-07-26T17:29:00 Last Modified: 2019-10-09T23:22:00
Summary
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the “Allow” and “Deny” configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-12171 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171
- https://access.redhat.com/errata/RHSA-2017:2972
- http://www.securitytracker.com/id/1039633
- http://www.securityfocus.com/bid/101516
CVE-2018-10901: A flaw was found in Linux kernel’s KVM virtualization subsystem. The VMX code does not restore…
Published: 2018-07-26T17:29:00 Last Modified: 2020-07-15T03:15:00
Summary
A flaw was found in the Linux kernel’s KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit, a host’s userspace code has the ability to place malicious entries in the GDT, particularly in the per-cpu variables. An attacker can use this to escalate their privileges.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10901 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901
- http://www.securityfocus.com/bid/104905
- https://access.redhat.com/errata/RHSA-2018:2394
- https://access.redhat.com/errata/RHSA-2018:2393
- https://access.redhat.com/errata/RHSA-2018:2392
- https://access.redhat.com/errata/RHSA-2018:2391
- https://access.redhat.com/errata/RHSA-2018:2390
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2017-12163: An information leak flaw was found in the way SMB1 protocol was implemented by Samba before…
Published: 2018-07-26T16:29:00 Last Modified: 2019-10-09T23:22:00
Summary
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 4.9
- Exploitability Score: 6.5
- CVSS: 4.8
- CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2017-12163 vulnerability.
References
- https://www.samba.org/samba/security/CVE-2017-12163.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163
- https://www.synology.com/support/security/Synology_SA_17_57_Samba
- https://www.debian.org/security/2017/dsa-3983
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://security.netapp.com/advisory/ntap-20170921-0001/
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us
- https://access.redhat.com/errata/RHSA-2017:2858
- https://access.redhat.com/errata/RHSA-2017:2791
- https://access.redhat.com/errata/RHSA-2017:2790
- https://access.redhat.com/errata/RHSA-2017:2789
- http://www.securitytracker.com/id/1039401
- http://www.securityfocus.com/bid/100925
CVE-2017-7562: An authentication bypass flaw was found in the way krb5’s certauth interface before 1.16.1…
Published: 2018-07-26T15:29:00 Last Modified: 2020-01-21T16:48:00
Summary
An authentication bypass flaw was found in the way krb5’s certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7562 vulnerability.
References
- https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d
- https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
- https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196
- https://github.com/krb5/krb5/pull/694
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562
- https://access.redhat.com/errata/RHSA-2018:0666
- http://www.securityfocus.com/bid/100511
CVE-2017-7537: It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally…
Published: 2018-07-26T13:29:00 Last Modified: 2019-10-09T23:29:00
Summary
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
Common Weakness Enumeration (CWE): CWE-798: Use of Hard-coded Credentials
CWE Description: The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7537 vulnerability.
References
- https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537
- https://access.redhat.com/errata/RHSA-2017:2335
CVE-2018-13988: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory…
Published: 2018-07-25T23:29:00 Last Modified: 2019-04-25T14:16:00
Summary
Poppler through 0.62 contains an out-of-bounds read vulnerability caused by an incorrect memory access to an address that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. It may be exploitable when a victim opens a specially crafted PDF file.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-13988 vulnerability.
References
- http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1602838
- https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988
- https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee
- https://usn.ubuntu.com/3757-1/
- https://access.redhat.com/errata/RHSA-2018:3140
- https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2019:0327
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-1002200: plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to…
Published: 2018-07-25T17:29:00 Last Modified: 2019-10-09T23:32:00
Summary
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as ‘Zip-Slip’.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1002200 vulnerability.
References
- https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680
- https://snyk.io/research/zip-slip-vulnerability
- https://github.com/snyk/zip-slip-vulnerability
- https://github.com/codehaus-plexus/plexus-archiver/pull/87
- https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8
- https://www.debian.org/security/2018/dsa-4227
- https://access.redhat.com/errata/RHSA-2018:1837
- https://access.redhat.com/errata/RHSA-2018:1836
See also: All popular products CVE Vulnerabilities of redhat
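The Zip-Slip entry above describes the whole bug in one clause: an archive entry name containing `../` is joined onto the extraction directory and written without a containment check. The following Python program, added here as an example (it is not plexus-archiver code and does not reproduce its fix), builds a constructed archive with one such entry, extracts it with a deliberately vulnerable extractor that mirrors the pre-3.6.0 behaviour, then with a hardened one that canonicalises every entry path and refuses anything that resolves outside the destination. Everything runs inside throwaway temporary directories, so the "escape" lands two levels above the extraction root but still inside the temp tree. The entry names and file contents are constructed; the `resolve_inside` helper is illustrative, not a library API.

```python
import io
import os
import shutil
import tempfile
import zipfile

# Constructed sample archive (not a real plexus-archiver test vector): one
# benign entry plus one entry whose name climbs two directories above the
# extraction root. zipfile stores any entry name verbatim; containment is
# the extractor's responsibility.
SAMPLE_ENTRIES = {
    "readme.txt": b"harmless\n",
    "../../escaped.txt": b"written outside the extraction directory\n",
}


def build_malicious_zip(entries=SAMPLE_ENTRIES):
    """Return the bytes of a zip archive holding the given name -> data entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def extract_unsafe(zip_bytes, dest):
    """Vulnerable pattern: join the untrusted entry name onto dest and write.
    '../' components are honoured, so the write lands wherever the extracting
    user may write. Returns the paths written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # no containment check
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.normpath(target))
    return written


def resolve_inside(dest, name):
    """Canonicalise dest/name and require it to stay under dest.
    realpath() collapses '..' and follows symlinks already present under dest,
    so both '../x' and an absolute '/etc/passwd' entry are rejected."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise ValueError("archive entry escapes destination: %r" % (name,))
    return target


def extract_safe(zip_bytes, dest):
    """Hardened pattern: validate every entry name before writing anything,
    so a traversal entry leaves the destination completely untouched."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        planned = [(info, resolve_inside(dest, info.filename)) for info in zf.infolist()]
        for info, target in planned:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
    return [target for _, target in planned]


def _run(extractor, payload):
    """Extract into <root>/extract/inner inside a throwaway tree and report
    whether <root>/escaped.txt (two levels above the destination) appeared."""
    root = tempfile.mkdtemp(prefix="zipslip-")
    dest = os.path.join(root, "extract", "inner")
    os.makedirs(dest)
    try:
        try:
            extractor(payload, dest)
            rejected = False
        except ValueError:
            rejected = True
        return {
            "rejected": rejected,
            "escaped": os.path.isfile(os.path.join(root, "escaped.txt")),
            "dest_files": sorted(os.listdir(dest)),
        }
    finally:
        shutil.rmtree(root)


def demo():
    payload = build_malicious_zip()
    try:
        resolve_inside("/nonexistent/zipslip-dest", "/etc/passwd")
        absolute_rejected = False
    except ValueError:
        absolute_rejected = True
    return {
        "unsafe": _run(extract_unsafe, payload),
        "safe": _run(extract_safe, payload),
        "absolute_rejected": absolute_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The check is done against the canonical path at write time rather than by string-matching `..`: that also covers an entry that first drops a symlink under the destination and then writes through it, because `realpath()` follows the link before the comparison. Validating the whole entry list before the first write matters too, otherwise a benign leading entry is already on disk when the traversal entry is rejected.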
CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when…
Published: 2018-07-25T13:29:00 Last Modified: 2019-04-01T20:29:00
Summary
The Linux kernel is vulnerable to a stack out-of-bounds write in the ext4 filesystem code, in ext4_update_inline_data(), when mounting and writing to a crafted ext4 image. An attacker could use this to cause a system crash and a denial of service.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10880 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880
- https://bugzilla.kernel.org/show_bug.cgi?id=200005
- http://patchwork.ozlabs.org/patch/930639/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://access.redhat.com/errata/RHSA-2018:2948
- https://usn.ubuntu.com/3821-2/
- https://usn.ubuntu.com/3821-1/
- http://www.securityfocus.com/bid/106503
- https://usn.ubuntu.com/3871-1/
- https://usn.ubuntu.com/3871-4/
- https://usn.ubuntu.com/3871-3/
- https://usn.ubuntu.com/3871-5/
- http://www.securityfocus.com/bid/104907
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-10906: In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction…
Published: 2018-07-24T20:29:00 Last Modified: 2019-10-03T00:03:00
Summary
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the ‘allow_other’ mount option regardless of whether ‘user_allow_other’ is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
Exploit code for conducting penetration tests against the CVE-2018-10906 vulnerability is available (see the Exploit Database reference below).
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906
- https://www.debian.org/security/2018/dsa-4257
- https://www.exploit-db.com/exploits/45106/
- https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html
- https://access.redhat.com/errata/RHSA-2018:3324
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BREAIWIK64DRJWHIGR47L2D5YICY4HQ3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2/
See also: All popular products CVE Vulnerabilities of redhat
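The allow_other bypass described for CVE-2018-10906 leaves a trace an administrator can look for: a FUSE mount whose `user_id` option names an unprivileged user and whose options include `allow_other`, on a host whose /etc/fuse.conf does not enable `user_allow_other`. After the fix, fusermount refuses that combination, so finding it means either the bypass was used or fuse.conf was tightened after the mount was made. The following Python audit is added here as an example; it is not part of the fuse project or of this page's original content. The /proc/mounts lines and the fuse.conf text are constructed samples; the option names `user_id`, `group_id`, `allow_other` and `user_allow_other` are the real ones. Run stand-alone it reads the live /proc/self/mounts and /etc/fuse.conf instead.

```python
import re

# Constructed sample input in /proc/self/mounts format. Two FUSE mounts belong to
# unprivileged users (user_id=1000 and 1001); only the second carries allow_other.
# The third is a root-owned FUSE mount and the last is an ordinary ext4 mount.
SAMPLE_MOUNTS = """\
sshfs#alice@files: /home/alice/remote fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
encfs /home/bob/vault fuse.encfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,allow_other 0 0
gvfsd-fuse /run/user/0/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

# Constructed fuse.conf: user_allow_other is present but commented out.
SAMPLE_FUSE_CONF = """\
# /etc/fuse.conf
# mount_max = 1000
#user_allow_other
"""

_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def _unescape(field):
    """/proc/mounts encodes space, tab, newline and backslash as \\040 etc."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Return one dict per mount line: source, target, fstype and option list."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        source, target, fstype, options = (_unescape(p) for p in parts[:4])
        mounts.append({"source": source, "target": target,
                       "fstype": fstype, "options": options.split(",")})
    return mounts


def user_allow_other_enabled(conf_text):
    """True when an uncommented user_allow_other line is present in fuse.conf."""
    for line in conf_text.splitlines():
        if line.split("#", 1)[0].strip() == "user_allow_other":
            return True
    return False


def find_unprivileged_allow_other(mounts):
    """FUSE mounts (fstype fuse, fuse.*, fuseblk) that expose allow_other and
    were established by a non-root user_id. Returns (target, uid) tuples."""
    hits = []
    for m in mounts:
        if not m["fstype"].startswith("fuse") or "allow_other" not in m["options"]:
            continue
        uid = None
        for opt in m["options"]:
            if opt.startswith("user_id="):
                uid = int(opt.split("=", 1)[1])
        if uid != 0:
            hits.append((m["target"], uid))
    return hits


def audit(mounts_text, conf_text):
    """Combine both views: the mounts are only legitimate if fuse.conf permits them."""
    hits = find_unprivileged_allow_other(parse_mounts(mounts_text))
    allowed = user_allow_other_enabled(conf_text)
    return {
        "user_allow_other": allowed,
        "unprivileged_allow_other_mounts": hits,
        "suspicious": [] if allowed else hits,
    }


if __name__ == "__main__":
    try:
        with open("/proc/self/mounts") as fh:
            mounts_text = fh.read()
        with open("/etc/fuse.conf") as fh:
            conf_text = fh.read()
    except OSError:
        mounts_text, conf_text = SAMPLE_MOUNTS, SAMPLE_FUSE_CONF
    for target, uid in audit(mounts_text, conf_text)["suspicious"]:
        print("allow_other FUSE mount by uid %s at %s without user_allow_other" % (uid, target))
```

A mount with `user_id=1001` and `allow_other` is what other users would see as a shared tree they did not ask for; the entry above describes exactly that as the lure for a denial of service or other unspecified effects. The audit treats a missing `user_id` option as suspicious as well, since only root-established FUSE mounts should lack it or carry `user_id=0`.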
CVE-2018-5007: Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability….
Published: 2018-07-20T19:29:00 Last Modified: 2018-09-17T17:52:00
Summary
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5007 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-24.html
- https://access.redhat.com/errata/RHSA-2018:2175
- http://www.securitytracker.com/id/1041248
- http://www.securityfocus.com/bid/104698
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-5008: Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability….
Published: 2018-07-20T19:29:00 Last Modified: 2018-09-17T17:23:00
Summary
Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5008 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-24.html
- https://access.redhat.com/errata/RHSA-2018:2175
- http://www.securitytracker.com/id/1041248
- http://www.securityfocus.com/bid/104698
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-10869: redhat-certification does not properly restrict files that can be downloaded through the /download…
Published: 2018-07-19T22:29:00 Last Modified: 2019-10-09T23:33:00
Summary
redhat-certification does not properly restrict the files that can be downloaded through the /download page. A remote attacker may download any file accessible to the user running httpd.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10869 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10869
- https://access.redhat.com/errata/RHSA-2018:2373
- http://www.securityfocus.com/bid/105061
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs()…
Published: 2018-07-18T15:29:00 Last Modified: 2019-04-01T19:29:00
Summary
The Linux kernel ext4 filesystem is vulnerable to an out-of-bounds access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10877 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://usn.ubuntu.com/3754-1/
- https://usn.ubuntu.com/3753-2/
- https://usn.ubuntu.com/3753-1/
- https://access.redhat.com/errata/RHSA-2018:2948
- http://www.securityfocus.com/bid/106503
- https://usn.ubuntu.com/3871-1/
- https://usn.ubuntu.com/3871-4/
- https://usn.ubuntu.com/3871-3/
- https://usn.ubuntu.com/3871-5/
- http://www.securityfocus.com/bid/104878
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-14357: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote…
Published: 2018-07-17T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14357 vulnerability.
References
- https://neomutt.org/2018/07/16/release
- https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
- https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725
- http://www.mutt.org/news.html
- https://usn.ubuntu.com/3719-1/
- https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
- https://www.debian.org/security/2018/dsa-4277
- https://access.redhat.com/errata/RHSA-2018:2526
- https://usn.ubuntu.com/3719-3/
- https://security.gentoo.org/glsa/201810-07
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-14354: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote…
Published: 2018-07-17T17:29:00 Last Modified: 2020-08-24T17:37:00
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14354 vulnerability.
References
- https://neomutt.org/2018/07/16/release
- https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
- https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb
- http://www.mutt.org/news.html
- https://usn.ubuntu.com/3719-2/
- https://usn.ubuntu.com/3719-1/
- http://www.securityfocus.com/bid/104925
- https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
- https://www.debian.org/security/2018/dsa-4277
- https://access.redhat.com/errata/RHSA-2018:2526
- https://usn.ubuntu.com/3719-3/
- https://security.gentoo.org/glsa/201810-07
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-14362: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not…
Published: 2018-07-17T17:29:00 Last Modified: 2020-05-19T17:19:00
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a ‘/’ character.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-14362 vulnerability.
References
- https://neomutt.org/2018/07/16/release
- https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
- https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
- http://www.mutt.org/news.html
- https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
- https://www.debian.org/security/2018/dsa-4277
- https://access.redhat.com/errata/RHSA-2018:2526
- https://usn.ubuntu.com/3719-3/
- https://security.gentoo.org/glsa/201810-07
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-10840: Linux kernel is vulnerable to a heap-based buffer overflow in the…
Published: 2018-07-16T20:29:00 Last Modified: 2020-08-28T15:04:00
Summary
The Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted, crafted ext4 image.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10840 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-3/
- http://www.securityfocus.com/bid/104858
- https://access.redhat.com/errata/RHSA-2019:0162
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-3693: Systems with microprocessors utilizing speculative execution and branch prediction may allow…
Published: 2018-07-10T21:29:00 Last Modified: 2021-11-19T18:15:00
Summary
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: COMPLETE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-3693 vulnerability.
References
- https://access.redhat.com/errata/RHSA-2018:2395
- https://access.redhat.com/errata/RHSA-2018:2390
- https://access.redhat.com/errata/RHSA-2018:2384
- https://security.netapp.com/advisory/ntap-20180823-0001/
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://access.redhat.com/errata/RHSA-2019:1946
- https://access.redhat.com/errata/RHSA-2020:0174
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://cdrdv2.intel.com/v1/dl/getContent/685359
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-10872: A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch…
Published: 2018-07-10T19:29:00 Last Modified: 2020-07-15T03:15:00
Summary
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via the MOV SS or POP SS instructions. During the stack switch operation the processor does not deliver interrupts and exceptions; they are delivered once the first instruction after the stack switch has executed. An unprivileged system user could use this flaw to crash the system kernel, resulting in a denial of service. CVE-2018-10872 was assigned because the fix for CVE-2018-8897 regressed in the Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10872 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872
- https://access.redhat.com/errata/RHSA-2018:2164
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://www.oracle.com/security-alerts/cpujul2020.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was…
Published: 2018-07-10T14:29:00 Last Modified: 2020-11-17T19:15:00
Summary
It was found that the cephx authentication protocol did not verify ceph clients correctly and was vulnerable to a replay attack. Any attacker with access to the ceph cluster network who is able to sniff packets on that network can use this vulnerability to authenticate to the ceph service and perform actions allowed by the ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 6.4
- Exploitability Score: 5.5
- CVSS: 5.4
- CVSS Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2018-1128 vulnerability.
References
- https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
- https://bugzilla.redhat.com/show_bug.cgi?id=1575866
- http://tracker.ceph.com/issues/24836
- https://access.redhat.com/errata/RHSA-2018:2179
- https://access.redhat.com/errata/RHSA-2018:2177
- https://access.redhat.com/errata/RHSA-2018:2274
- https://access.redhat.com/errata/RHSA-2018:2261
- https://www.debian.org/security/2018/dsa-4339
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
- http://www.openwall.com/lists/oss-security/2020/11/17/3
- http://www.openwall.com/lists/oss-security/2020/11/17/4
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol….
Published: 2018-07-10T14:29:00 Last Modified: 2019-08-29T03:15:00
Summary
A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker with access to the ceph cluster network who is able to alter the message payload could bypass the signature checks done by the cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.5
- CVSS: 3.3
- CVSS Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2018-1129 vulnerability.
References
- https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
- https://bugzilla.redhat.com/show_bug.cgi?id=1576057
- http://tracker.ceph.com/issues/24837
- https://access.redhat.com/errata/RHSA-2018:2179
- https://access.redhat.com/errata/RHSA-2018:2177
- https://access.redhat.com/errata/RHSA-2018:2274
- https://access.redhat.com/errata/RHSA-2018:2261
- https://www.debian.org/security/2018/dsa-4339
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
See also: All popular products CVE Vulnerabilities of redhat
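CVE-2018-1128 and CVE-2018-1129 above are two failures of one authenticated-channel design: an authenticator that a passive sniffer can replay because nothing in it was chosen by the service, and a message signature that does not cover the data an on-path attacker can alter. The following Python model is added here as an example; it is not ceph code and does not reproduce the cephx ticket or wire format. It shows both weak patterns beside their hardened counterparts: a service-issued, single-use challenge bound into the authenticator, and a MAC that covers header and payload together. The shared key, connection identifiers, header and payload bytes are constructed, and HMAC-SHA256 stands in for whatever primitive the real protocol uses.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed demo key shared between client and service; not a real cephx secret.
SHARED_KEY = b"constructed-demo-key-not-a-real-cephx-secret"


def _mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts so field boundaries are unambiguous."""
    m = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        m.update(struct.pack(">I", len(part)))
        m.update(part)
    return m.digest()


def authenticator(key, server_challenge, client_nonce):
    """What the client sends to prove key possession. The weak service below
    uses an empty server_challenge, so only client-chosen data is covered."""
    return _mac(key, b"auth", server_challenge, client_nonce)


class ReplayableService:
    """Weak pattern (the CVE-2018-1128 class): the authenticator proves only
    that the sender knew the key at some point. Nothing in it was chosen by the
    service, so a copy captured on the wire is as good as the original."""

    def __init__(self, key):
        self.key = key

    def authenticate(self, client_nonce, tag):
        return hmac.compare_digest(authenticator(self.key, b"", client_nonce), tag)


class ChallengeService:
    """Hardened pattern: every connection gets a fresh random challenge that the
    authenticator must cover. The challenge is consumed on first use, so a
    captured authenticator is bound to a value that will never be issued again."""

    def __init__(self, key):
        self.key = key
        self.pending = {}

    def challenge(self, conn_id):
        c = secrets.token_bytes(16)
        self.pending[conn_id] = c
        return c

    def authenticate(self, conn_id, client_nonce, tag):
        c = self.pending.pop(conn_id, None)  # single use
        if c is None:
            return False
        return hmac.compare_digest(authenticator(self.key, c, client_nonce), tag)


def sign_header_only(key, header, payload):
    """Weak pattern (the CVE-2018-1129 class): the tag covers the header but
    not the data payload, so the payload can be rewritten in transit."""
    return _mac(key, b"msg", header)


def sign_full(key, header, payload):
    """Hardened pattern: header and payload are both under the MAC."""
    return _mac(key, b"msg", header, payload)


def verify(key, header, payload, tag, signer):
    return hmac.compare_digest(signer(key, header, payload), tag)


def demo():
    r = {}
    nonce = secrets.token_bytes(16)

    weak = ReplayableService(SHARED_KEY)
    tag = authenticator(SHARED_KEY, b"", nonce)
    r["weak_first_login"] = weak.authenticate(nonce, tag)
    r["weak_replay_accepted"] = weak.authenticate(nonce, tag)  # sniffed copy, new session

    strong = ChallengeService(SHARED_KEY)
    c1 = strong.challenge("conn-1")
    tag1 = authenticator(SHARED_KEY, c1, nonce)
    r["strong_first_login"] = strong.authenticate("conn-1", nonce, tag1)
    strong.challenge("conn-2")  # attacker opens a new connection, gets a fresh challenge
    r["strong_replay_accepted"] = strong.authenticate("conn-2", nonce, tag1)

    header = b"type=osd_op seq=1"          # constructed
    payload = b'{"pool":"rbd","op":"read"}'  # constructed
    altered = b'{"pool":"rbd","op":"delete"}'
    t_weak = sign_header_only(SHARED_KEY, header, payload)
    t_full = sign_full(SHARED_KEY, header, payload)
    r["header_only_detects_tamper"] = not verify(SHARED_KEY, header, altered, t_weak, sign_header_only)
    r["full_detects_tamper"] = not verify(SHARED_KEY, header, altered, t_full, sign_full)
    r["full_accepts_genuine"] = verify(SHARED_KEY, header, payload, t_full, sign_full)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-28s %s" % (k, v))
```

The two properties are independent: a perfect challenge-response login does nothing for a message whose body is not under the signature, and a full-message MAC does nothing against an authenticator that was valid once and is simply resent. The adjacent-network vector in both scores reflects the attacker position the model assumes, a host that can see and, for the second case, rewrite cluster traffic.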
CVE-2018-10861: A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having…
Published: 2018-07-10T14:29:00 Last Modified: 2019-10-09T23:33:00
Summary
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user with read access to ceph can create or delete ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10861 vulnerability.
References
- https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
- https://bugzilla.redhat.com/show_bug.cgi?id=1593308
- http://tracker.ceph.com/issues/24838
- https://access.redhat.com/errata/RHSA-2018:2179
- https://access.redhat.com/errata/RHSA-2018:2177
- http://www.securityfocus.com/bid/104742
- https://access.redhat.com/errata/RHSA-2018:2274
- https://access.redhat.com/errata/RHSA-2018:2261
- https://www.debian.org/security/2018/dsa-4339
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-5002: Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow…
Published: 2018-07-09T19:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5002 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
- https://access.redhat.com/errata/RHSA-2018:1827
- http://www.securitytracker.com/id/1041058
- http://www.securityfocus.com/bid/104412
- https://security.gentoo.org/glsa/201806-02
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-4945: Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability….
Published: 2018-07-09T19:29:00 Last Modified: 2019-03-07T20:16:00
Summary
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-4945 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
- https://access.redhat.com/errata/RHSA-2018:1827
- http://www.securitytracker.com/id/1041058
- http://www.securityfocus.com/bid/104413
- https://security.gentoo.org/glsa/201806-02
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-5000: Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability….
Published: 2018-07-09T19:29:00 Last Modified: 2019-03-07T20:16:00
Summary
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5000 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
- https://access.redhat.com/errata/RHSA-2018:1827
- http://www.securitytracker.com/id/1041058
- http://www.securityfocus.com/bid/104413
- https://security.gentoo.org/glsa/201806-02
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-5001: Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability….
Published: 2018-07-09T19:29:00 Last Modified: 2019-03-07T20:16:00
Summary
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5001 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
- https://access.redhat.com/errata/RHSA-2018:1827
- http://www.securitytracker.com/id/1041058
- http://www.securityfocus.com/bid/104413
- https://security.gentoo.org/glsa/201806-02
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-13785: In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function…
Published: 2018-07-09T13:29:00 Last Modified: 2020-09-08T13:00:00
Summary
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-13785 vulnerability.
References
- https://sourceforge.net/p/libpng/bugs/278/
- https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2
- https://usn.ubuntu.com/3712-1/
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securitytracker.com/id/1041889
- http://www.securityfocus.com/bid/105599
- https://security.netapp.com/advisory/ntap-20181018-0001/
- https://access.redhat.com/errata/RHSA-2018:3008
- https://access.redhat.com/errata/RHSA-2018:3007
- https://access.redhat.com/errata/RHSA-2018:3003
- https://access.redhat.com/errata/RHSA-2018:3002
- https://access.redhat.com/errata/RHSA-2018:3001
- https://access.redhat.com/errata/RHSA-2018:3000
- https://access.redhat.com/errata/RHSA-2018:3534
- https://access.redhat.com/errata/RHSA-2018:3533
- https://access.redhat.com/errata/RHSA-2018:3672
- https://access.redhat.com/errata/RHSA-2018:3671
- https://access.redhat.com/errata/RHSA-2018:3779
- https://access.redhat.com/errata/RHSA-2018:3852
- https://security.gentoo.org/glsa/201908-10
CVE-2018-10892: The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does…
Published: 2018-07-06T16:29:00 Last Modified: 2020-08-31T15:49:00
Summary
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify the host’s hardware, for example enabling/disabling Bluetooth or turning the keyboard brightness up/down.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10892 vulnerability.
References
- https://github.com/moby/moby/pull/37404
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892
- https://access.redhat.com/errata/RHSA-2018:2482
- https://access.redhat.com/errata/RHSA-2018:2729
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
- https://access.redhat.com/errata/RHBA-2018:2796
CVE-2018-12910: The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have…
Published: 2018-07-05T18:29:00 Last Modified: 2019-05-08T18:21:00
Summary
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12910 vulnerability.
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SBREWZ3EEDYWG6PCLWL2EJ24ME5ZFAX6/
- https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
- https://www.debian.org/security/2018/dsa-4241
- https://usn.ubuntu.com/3701-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00007.html
- https://gitlab.gnome.org/GNOME/libsoup/issues/3
- https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047
- https://access.redhat.com/errata/RHSA-2018:3140
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2019:0327
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00003.html
CVE-2018-1113: setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and…
Published: 2018-07-03T01:29:00 Last Modified: 2019-10-09T23:38:00
Summary
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user’s shell being listed in /etc/shells. Under some circumstances, users who had their shell changed to /sbin/nologin could still access the system.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-1113 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113
- https://access.redhat.com/errata/RHSA-2018:3249
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2017-2615: Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an…
Published: 2018-07-03T01:29:00 Last Modified: 2021-08-04T17:15:00
Summary
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.0
- CVSS: 9.0
- CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-2615 vulnerability.
References
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615
- http://www.openwall.com/lists/oss-security/2017/02/01/6
- https://support.citrix.com/article/CTX220771
- https://security.gentoo.org/glsa/201702-28
- https://security.gentoo.org/glsa/201702-27
- http://www.securitytracker.com/id/1037804
- http://www.securityfocus.com/bid/95990
- http://rhn.redhat.com/errata/RHSA-2017-0454.html
- http://rhn.redhat.com/errata/RHSA-2017-0396.html
- http://rhn.redhat.com/errata/RHSA-2017-0350.html
- http://rhn.redhat.com/errata/RHSA-2017-0344.html
- http://rhn.redhat.com/errata/RHSA-2017-0334.html
- http://rhn.redhat.com/errata/RHSA-2017-0333.html
- http://rhn.redhat.com/errata/RHSA-2017-0332.html
- http://rhn.redhat.com/errata/RHSA-2017-0331.html
- http://rhn.redhat.com/errata/RHSA-2017-0330.html
- http://rhn.redhat.com/errata/RHSA-2017-0329.html
- http://rhn.redhat.com/errata/RHSA-2017-0328.html
- http://rhn.redhat.com/errata/RHSA-2017-0309.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
CVE-2018-13033: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30,…
Published: 2018-07-01T16:29:00 Last Modified: 2019-10-03T00:03:00
Summary
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-13033 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=23361
- http://www.securityfocus.com/bid/104584
- https://access.redhat.com/errata/RHSA-2018:3032
- https://access.redhat.com/errata/RHBA-2019:0327
- https://security.gentoo.org/glsa/201908-01
- https://usn.ubuntu.com/4336-1/
CVE-2018-3760: There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and…
Published: 2018-06-26T19:29:00 Last Modified: 2019-10-09T23:40:00
Summary
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application’s root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-3760 vulnerability.
References
- https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ
- https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f
- https://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441
- https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5
- https://www.debian.org/security/2018/dsa-4242
- https://access.redhat.com/errata/RHSA-2018:2245
- https://access.redhat.com/errata/RHSA-2018:2244
- https://access.redhat.com/errata/RHSA-2018:2561
- https://access.redhat.com/errata/RHSA-2018:2745
CVE-2018-10852: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too…
Published: 2018-06-26T14:29:00 Last Modified: 2019-10-09T23:33:00
Summary
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10852 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852
- http://www.securityfocus.com/bid/104547
- https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html
- https://access.redhat.com/errata/RHSA-2018:3158
CVE-2017-2668: 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference…
Published: 2018-06-22T13:29:00 Last Modified: 2019-10-09T23:27:00
Summary
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-2668 vulnerability.
References
- https://pagure.io/389-ds-base/issue/49220
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668
- https://access.redhat.com/errata/RHSA-2017:0920
- https://access.redhat.com/errata/RHSA-2017:0893
- http://www.securityfocus.com/bid/97524
CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based…
Published: 2018-06-21T20:29:00 Last Modified: 2021-06-09T16:24:00
Summary
System software utilizing the Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.4
- CVSS: 4.7
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: COMPLETE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-3665 vulnerability.
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
- https://www.synology.com/support/security/Synology_SA_18_31
- https://www.debian.org/security/2018/dsa-4232
- https://support.citrix.com/article/CTX235745
- https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc
- https://access.redhat.com/errata/RHSA-2018:1944
- https://access.redhat.com/errata/RHSA-2018:1852
- http://www.securitytracker.com/id/1041125
- http://www.securitytracker.com/id/1041124
- http://www.securityfocus.com/bid/104460
- https://usn.ubuntu.com/3698-2/
- https://usn.ubuntu.com/3696-2/
- https://usn.ubuntu.com/3696-1/
- https://access.redhat.com/errata/RHSA-2018:2165
- https://access.redhat.com/errata/RHSA-2018:2164
- https://usn.ubuntu.com/3698-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://security.netapp.com/advisory/ntap-20181016-0001/
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://nvidia.custhelp.com/app/answers/detail/a_id/4787
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://security.paloaltonetworks.com/CVE-2018-3665
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2018-1120: A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file…
Published: 2018-06-20T13:29:00 Last Modified: 2019-10-09T23:38:00
Summary
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process’s memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.8
- CVSS: 3.5
- CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-1120 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120
- http://seclists.org/oss-sec/2018/q2/122
- https://www.exploit-db.com/exploits/44806/
- http://www.securityfocus.com/bid/104229
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-3/
- https://security.gentoo.org/glsa/201805-14
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
- https://usn.ubuntu.com/3910-2/
- https://usn.ubuntu.com/3910-1/
CVE-2018-1061: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic…
Published: 2018-06-19T12:29:00 Last Modified: 2019-10-03T00:03:00
Summary
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1061 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061
- https://bugs.python.org/issue32981
- https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1
- https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1
- https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html
- https://www.debian.org/security/2018/dsa-4306
- https://www.debian.org/security/2018/dsa-4307
- https://access.redhat.com/errata/RHSA-2018:3041
- https://access.redhat.com/errata/RHSA-2018:3505
- https://usn.ubuntu.com/3817-1/
- http://www.securitytracker.com/id/1042001
- https://usn.ubuntu.com/3817-2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:1260
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us
- https://access.redhat.com/errata/RHSA-2019:3725
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
CVE-2018-1060: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic…
Published: 2018-06-18T14:29:00 Last Modified: 2020-01-15T20:15:00
Summary
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib’s apop() method. An attacker could use this flaw to cause denial of service.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1060 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060
- https://bugs.python.org/issue32981
- https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1
- https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1
- https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html
- https://www.debian.org/security/2018/dsa-4306
- https://www.debian.org/security/2018/dsa-4307
- https://access.redhat.com/errata/RHSA-2018:3041
- https://access.redhat.com/errata/RHSA-2018:3505
- https://usn.ubuntu.com/3817-1/
- http://www.securitytracker.com/id/1042001
- https://usn.ubuntu.com/3817-2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:1260
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us
- https://access.redhat.com/errata/RHSA-2019:3725
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
CVE-2018-0495: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA…
Published: 2018-06-13T23:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy
CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.4
- CVSS: 1.9
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-0495 vulnerability.
References
- https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
- https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
- https://dev.gnupg.org/T4011
- https://www.debian.org/security/2018/dsa-4231
- https://usn.ubuntu.com/3689-2/
- https://usn.ubuntu.com/3689-1/
- http://www.securitytracker.com/id/1041147
- http://www.securitytracker.com/id/1041144
- https://usn.ubuntu.com/3692-2/
- https://usn.ubuntu.com/3692-1/
- https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:3221
- https://access.redhat.com/errata/RHSA-2018:3505
- https://usn.ubuntu.com/3850-1/
- https://usn.ubuntu.com/3850-2/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://access.redhat.com/errata/RHSA-2019:1297
- https://access.redhat.com/errata/RHSA-2019:1296
- https://access.redhat.com/errata/RHSA-2019:1543
- https://access.redhat.com/errata/RHSA-2019:2237
CVE-2018-10850: 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way…
Published: 2018-06-13T20:29:00 Last Modified: 2019-05-15T21:29:00
Summary
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10850 vulnerability.
References
- https://pagure.io/389-ds-base/issue/49768
- https://pagure.io/389-ds-base/c/8f04487f99a
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850
- https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
- https://access.redhat.com/errata/RHSA-2018:2757
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html
CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
Published: 2018-06-13T16:29:00 Last Modified: 2021-08-04T17:15:00
Summary
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-11806 vulnerability.
References
- https://www.zerodayinitiative.com/advisories/ZDI-18-567/
- https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1586245
- http://www.securityfocus.com/bid/104400
- http://www.openwall.com/lists/oss-security/2018/06/07/1
- https://access.redhat.com/errata/RHSA-2018:2462
- https://access.redhat.com/errata/RHSA-2018:2762
- https://access.redhat.com/errata/RHSA-2018:2822
- https://access.redhat.com/errata/RHSA-2018:2887
- https://usn.ubuntu.com/3826-1/
- https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html
- https://www.debian.org/security/2019/dsa-4454
- https://seclists.org/bugtraq/2019/May/76
- https://access.redhat.com/errata/RHSA-2019:2892
CVE-2018-5848: In the function wmi_set_ie(), the length validation code does not handle unsigned integer…
Published: 2018-06-12T20:29:00 Last Modified: 2019-05-02T15:54:00
Summary
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ‘ie_len’ argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-5848 vulnerability.
References
- https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2
- https://source.android.com/security/bulletin/pixel/2018-05-01
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
CVE-2018-5803: In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an…
Published: 2018-06-12T16:29:00 Last Modified: 2019-03-27T16:17:00
Summary
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the “_sctp_make_chunk()” function (net/sctp/sm_make_chunk.c) when handling SCTP packet lengths can be exploited to cause a kernel crash.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-5803 vulnerability.
References
- https://www.spinics.net/lists/netdev/msg482523.html
- https://www.spinics.net/lists/linux-sctp/msg07036.html
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/
- https://secuniaresearch.flexerasoftware.com/advisories/81331/
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51
- https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102
- https://www.debian.org/security/2018/dsa-4188
- https://www.debian.org/security/2018/dsa-4187
- https://usn.ubuntu.com/3656-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3654-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://access.redhat.com/errata/RHSA-2018:1854
- https://usn.ubuntu.com/3698-2/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3698-1/
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2019:0641
CVE-2016-9079: A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T15:12:00
Summary
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 2)
Code designed for conducting penetration testing on CVE-2016-9079 vulnerability.
- Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution by Rh0 at 2017-07-14
- Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit) by Metasploit at 2017-01-24
References
- https://www.mozilla.org/security/advisories/mfsa2016-92/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
- https://www.exploit-db.com/exploits/42327/
- https://www.exploit-db.com/exploits/41151/
- https://www.debian.org/security/2016/dsa-3730
- https://security.gentoo.org/glsa/201701-35
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037370
- http://www.securityfocus.com/bid/94591
- http://rhn.redhat.com/errata/RHSA-2016-2850.html
- http://rhn.redhat.com/errata/RHSA-2016-2843.html
CVE-2016-9899: Use-after-free while manipulating DOM events and removing audio elements due to errors in the…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T17:55:00
Summary
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2016-9899 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2016-96/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1317409
- https://www.exploit-db.com/exploits/41042/
- https://www.debian.org/security/2017/dsa-3757
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037461
- http://www.securityfocus.com/bid/94885
- http://rhn.redhat.com/errata/RHSA-2016-2973.html
- http://rhn.redhat.com/errata/RHSA-2016-2946.html
CVE-2016-9900: External resources that should be blocked when loaded by SVG images can bypass security…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T17:56:00
Summary
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of “data:” URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Common Weakness Enumeration (CWE): CWE-254: 7PK - Security Features
CWE Description: Software security is not security software. Here we’re concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9900 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2016-96/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1319122
- https://www.debian.org/security/2017/dsa-3757
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037461
- http://www.securityfocus.com/bid/94885
- http://rhn.redhat.com/errata/RHSA-2016-2973.html
- http://rhn.redhat.com/errata/RHSA-2016-2946.html
CVE-2016-9895: Event handlers on “marquee” elements were executed despite a strict Content Security Policy (CSP)…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T17:22:00
Summary
Event handlers on “marquee” elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Common Weakness Enumeration (CWE): CWE-254: 7PK - Security Features
CWE Description: Software security is not security software. Here we’re concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9895 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2016-96/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1312272
- https://www.debian.org/security/2017/dsa-3757
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037461
- http://www.securityfocus.com/bid/94885
- http://rhn.redhat.com/errata/RHSA-2016-2973.html
- http://rhn.redhat.com/errata/RHSA-2016-2946.html
CVE-2016-9898: Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T17:24:00
Summary
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9898 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2016-96/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1314442
- https://www.debian.org/security/2017/dsa-3757
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037461
- http://www.securityfocus.com/bid/94885
- http://rhn.redhat.com/errata/RHSA-2016-2946.html
CVE-2016-9893: Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T17:19:00
Summary
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9893 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2016-96/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912
- https://www.debian.org/security/2017/dsa-3757
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037461
- http://www.securityfocus.com/bid/94885
- http://rhn.redhat.com/errata/RHSA-2016-2973.html
- http://rhn.redhat.com/errata/RHSA-2016-2946.html
CVE-2017-5402: A use-after-free can occur when events are fired for a “FontFace” object after the object has…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T13:01:00
Summary
A use-after-free can occur when events are fired for a “FontFace” object after the object has already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5402 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1334876
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3805
- https://security.gentoo.org/glsa/201705-07
- https://security.gentoo.org/glsa/201705-06
- http://www.securitytracker.com/id/1037966
- http://www.securityfocus.com/bid/96664
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
CVE-2017-5408: Video files loaded video captions cross-origin without checking for the presence of CORS headers…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T13:07:00
Summary
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5408 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1313711
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3805
- https://security.gentoo.org/glsa/201705-07
- https://security.gentoo.org/glsa/201705-06
- http://www.securitytracker.com/id/1037966
- http://www.securityfocus.com/bid/96693
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
CVE-2017-5380: A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-02T19:44:00
Summary
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5380 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-03/
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1322107
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3771
- https://security.gentoo.org/glsa/201702-22
- https://security.gentoo.org/glsa/201702-13
- http://www.securitytracker.com/id/1037693
- http://www.securityfocus.com/bid/95769
- http://rhn.redhat.com/errata/RHSA-2017-0238.html
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
CVE-2017-5386: WebExtension scripts can use the “data:” protocol to affect pages loaded by other web extensions…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
WebExtension scripts can use the “data:” protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5386 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1319070
- https://www.debian.org/security/2017/dsa-3771
- https://security.gentoo.org/glsa/201702-22
- http://www.securitytracker.com/id/1037693
- http://www.securityfocus.com/bid/95769
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
CVE-2017-5439: A use-after-free vulnerability during XSLT processing due to poor handling of template…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:03:00
Summary
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5439 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1336830
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
- http://www.securityfocus.com/bid/103053
CVE-2017-5404: A use-after-free error can occur when manipulating ranges in selections with one node inside a…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T13:02:00
Summary
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2017-5404 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340138
- https://www.exploit-db.com/exploits/41660/
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3805
- https://security.gentoo.org/glsa/201705-07
- https://security.gentoo.org/glsa/201705-06
- http://www.securitytracker.com/id/1037966
- http://www.securityfocus.com/bid/96664
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
CVE-2017-5376: Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird <…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-02T19:37:00
Summary
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5376 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-03/
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1311687
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3771
- https://security.gentoo.org/glsa/201702-22
- https://security.gentoo.org/glsa/201702-13
- http://www.securitytracker.com/id/1037693
- http://www.securityfocus.com/bid/95758
- http://rhn.redhat.com/errata/RHSA-2017-0238.html
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
CVE-2017-5390: The JSON viewer in the Developer Tools uses insecure methods to create a communication channel…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5390 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-03/
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1297361
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3771
- https://security.gentoo.org/glsa/201702-22
- https://security.gentoo.org/glsa/201702-13
- http://www.securitytracker.com/id/1037693
- http://www.securityfocus.com/bid/95769
- http://rhn.redhat.com/errata/RHSA-2017-0238.html
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
CVE-2017-5407: Using SVG filters that don’t use the fixed point math implementation on a target iframe, a…
Published: 2018-06-11T21:29:00 Last Modified: 2018-07-31T19:03:00
Summary
Using SVG filters that don’t use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5407 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1336622
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3805
- https://security.gentoo.org/glsa/201705-07
- https://security.gentoo.org/glsa/201705-06
- http://www.securitytracker.com/id/1037966
- http://www.securityfocus.com/bid/96693
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
CVE-2017-5428: An integer overflow in “createImageBitmap()” was reported through the Pwn2Own contest. The fix…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T15:27:00
Summary
An integer overflow in “createImageBitmap()” was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the “createImageBitmap” API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user’s computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5428 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-08/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1348168
- http://www.securitytracker.com/id/1038060
- http://www.securityfocus.com/bid/96959
- http://rhn.redhat.com/errata/RHSA-2017-0558.html
CVE-2017-5441: A use-after-free vulnerability when holding a selection during scroll events. This results in a…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:05:00
Summary
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5441 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1343795
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5451: A mechanism to spoof the addressbar through the user interaction on the addressbar and the…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T15:34:00
Summary
A mechanism to spoof the addressbar through the user interaction on the addressbar and the “onblur” event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5451 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1273537
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5433: A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T17:58:00
Summary
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5433 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1347168
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5448: An out-of-bounds write in “ClearKeyDecryptor” while decrypting some Clearkey-encrypted media…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T15:30:00
Summary
An out-of-bounds write in “ClearKeyDecryptor” while decrypting some Clearkey-encrypted media content. The “ClearKeyDecryptor” code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5448 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1346648
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5435: A use-after-free vulnerability occurs during transaction processing in the editor during design…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:01:00
Summary
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5435 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1350683
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5465: An out-of-bounds read while processing SVG content in “ConvolvePixel”. This results in a crash…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:44:00
Summary
An out-of-bounds read while processing SVG content in “ConvolvePixel”. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then be displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2017-5465 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1347617
- https://www.exploit-db.com/exploits/42072/
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5472: A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T14:24:00
Summary
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5472 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-17/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1365602
- https://www.debian.org/security/2017/dsa-3918
- https://www.debian.org/security/2017/dsa-3881
- https://access.redhat.com/errata/RHSA-2017:1561
- https://access.redhat.com/errata/RHSA-2017:1440
- http://www.securitytracker.com/id/1038689
- http://www.securityfocus.com/bid/99040
CVE-2017-5464: During DOM manipulations of the accessibility tree through script, the DOM tree can become out of…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:43:00
Summary
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5464 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1347075
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5396: A use-after-free vulnerability in the Media Decoder when working with media files when some…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-02T19:54:00
Summary
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5396 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-03/
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1329403
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3771
- https://security.gentoo.org/glsa/201702-22
- https://security.gentoo.org/glsa/201702-13
- http://www.securitytracker.com/id/1037693
- http://www.securityfocus.com/bid/95769
- http://rhn.redhat.com/errata/RHSA-2017-0238.html
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
CVE-2017-5438: A use-after-free vulnerability during XSLT processing due to the result handler being held by a…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:02:00
Summary
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5438 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1336828
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5440: A use-after-free vulnerability during XSLT processing due to a failure to propagate error…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:04:00
Summary
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5440 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1336832
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5444: A buffer overflow vulnerability while parsing “application/http-index-format” format content when…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:17:00
Summary
A buffer overflow vulnerability while parsing “application/http-index-format” format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5444 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344461
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5445: A vulnerability while parsing “application/http-index-format” format content where uninitialized…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:18:00
Summary
A vulnerability while parsing “application/http-index-format” format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-129: Improper Validation of Array Index
CWE Description: The most common condition situation leading to an out-of-bounds array index is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, therefore causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function’s return value, or the resulting value of a calculation, directly as an index into a buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5445 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344467
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5449: A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T15:33:00
Summary
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5449 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340127
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5442: A use-after-free vulnerability during changes in style when manipulating DOM elements. This…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:16:00
Summary
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5442 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1347979
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5383: URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-02T19:44:00
Summary
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5383 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-03/
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1324716
- https://bugzilla.mozilla.org/show_bug.cgi?id=1323338
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3771
- https://security.gentoo.org/glsa/201702-22
- https://security.gentoo.org/glsa/201702-13
- http://www.securitytracker.com/id/1037693
- http://www.securityfocus.com/bid/95769
- http://rhn.redhat.com/errata/RHSA-2017-0238.html
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
CVE-2017-5454: A mechanism to bypass file system access protections in the sandbox to use the file picker to…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T15:34:00
Summary
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read-only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5454 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1349276
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5410: Memory corruption resulting in a potentially exploitable crash during garbage collection of…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T13:20:00
Summary
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5410 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1330687
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3805
- https://security.gentoo.org/glsa/201705-07
- https://security.gentoo.org/glsa/201705-06
- http://www.securitytracker.com/id/1037966
- http://www.securityfocus.com/bid/96693
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
CVE-2017-5470: Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T14:16:00
Summary
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that, with enough effort, some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5470 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-17/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1359639%2C1349595%2C1352295%2C1352556%2C1342552%2C1342567%2C1346012%2C1366140%2C1368732%2C1297111%2C1362590%2C1357462%2C1363280%2C1349266%2C1352093%2C1348424%2C1347748%2C1356025%2C1325513%2C1367692
- https://www.debian.org/security/2017/dsa-3918
- https://www.debian.org/security/2017/dsa-3881
- https://access.redhat.com/errata/RHSA-2017:1561
- https://access.redhat.com/errata/RHSA-2017:1440
- http://www.securitytracker.com/id/1038689
- http://www.securityfocus.com/bid/99041
CVE-2017-5469: Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex….
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:44:00
Summary
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5469 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1292534
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5432: A use-after-free vulnerability occurs during certain text input selection resulting in a…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T17:56:00
Summary
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5432 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1346654
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5456: A mechanism to bypass file system access protections in the sandbox using the file system request…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource
CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5456 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344415
- https://access.redhat.com/errata/RHSA-2017:1106
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5378: Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-02T19:43:00
Summary
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5378 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-03/
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1330769
- https://bugzilla.mozilla.org/show_bug.cgi?id=1312001
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3771
- https://security.gentoo.org/glsa/201702-22
- https://security.gentoo.org/glsa/201702-13
- http://www.securitytracker.com/id/1037693
- http://www.securityfocus.com/bid/95769
- http://rhn.redhat.com/errata/RHSA-2017-0238.html
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
CVE-2017-5405: Certain response codes in FTP connections can result in the use of uninitialized values for ports…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Common Weakness Enumeration (CWE): CWE-1187: DEPRECATED: Use of Uninitialized Resource (superseded by CWE-908)
CWE Description: The software uses or accesses a resource that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5405 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1336699
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3805
- https://security.gentoo.org/glsa/201705-07
- https://security.gentoo.org/glsa/201705-06
- http://www.securitytracker.com/id/1037966
- http://www.securityfocus.com/bid/96693
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
CVE-2017-5401: A crash triggerable by web content in which an “ErrorResult” references unassigned memory due to…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T13:00:00
Summary
A crash triggerable by web content in which an “ErrorResult” references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Common Weakness Enumeration (CWE): CWE-388: 7PK - Errors
CWE Description: This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that occur when an application does not properly handle errors that occur during processing. According to the authors of the Seven Pernicious Kingdoms, “Errors and error handling represent a class of API. Errors related to error handling are so common that they deserve a special kingdom of their own. As with ‘API Abuse,’ there are two ways to introduce an error-related security vulnerability: the most common one is handling errors poorly (or not at all). The second is producing errors that either give out too much information (to possible attackers) or are difficult to handle.”
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5401 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1328861
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3805
- https://security.gentoo.org/glsa/201705-07
- https://security.gentoo.org/glsa/201705-06
- http://www.securitytracker.com/id/1037966
- http://www.securityfocus.com/bid/96677
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
CVE-2017-5436: An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:01:00
Summary
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5436 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1345461
- https://www.debian.org/security/2017/dsa-3831
- https://security.gentoo.org/glsa/201706-25
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5443: An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives….
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:17:00
Summary
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5443 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1342661
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5447: An out-of-bounds read during the processing of glyph widths during text layout. This results in a…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:19:00
Summary
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Proof-of-concept code for CVE-2017-5447 is catalogued in Exploit-DB (entry 42071, linked in the references below).
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1343552
- https://www.exploit-db.com/exploits/42071/
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5466: If a page is loaded from an original site through a hyperlink and contains a redirect to a…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T15:51:00
Summary
If a page is loaded from an original site through a hyperlink and contains a redirect to a “data:text/html” URL, triggering a reload will run the reloaded “data:text/html” page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5466 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1353975
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5446: An out-of-bounds read when an HTTP/2 connection to a server sends “DATA” frames with incorrect…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:19:00
Summary
An out-of-bounds read when a server on an HTTP/2 connection sends “DATA” frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
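DATA frame handling of the kind described in the summary above goes wrong when a length field supplied by the peer is used in arithmetic before it is checked. The parser below is an added example, not Mozilla's code and not a reconstruction of the specific defect tracked in bug 1343505: it implements the RFC 7540 section 6.1 rule that a DATA frame whose Pad Length is equal to or greater than the payload length is a connection error of type PROTOCOL_ERROR, and sets the hardened check beside the naive data-length computation that goes negative on such a frame (which, used as a size in a C implementation, reads past the buffer). All frames it handles are constructed inline.

```python
import struct
from typing import Optional

FRAME_HEADER_LEN = 9   # 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id
TYPE_DATA = 0x0
FLAG_END_STREAM = 0x1
FLAG_PADDED = 0x8


class ProtocolError(ValueError):
    """RFC 7540 connection error of type PROTOCOL_ERROR."""


def parse_frame_header(buf: bytes):
    """Split the 9-octet frame header into (length, type, flags, stream_id)."""
    if len(buf) < FRAME_HEADER_LEN:
        raise ProtocolError("truncated frame header")
    length = int.from_bytes(buf[0:3], "big")
    frame_type, flags = buf[3], buf[4]
    stream_id = struct.unpack(">I", buf[5:9])[0] & 0x7FFFFFFF  # drop the reserved bit
    return length, frame_type, flags, stream_id


def parse_data_frame(buf: bytes) -> bytes:
    """Return the application data carried by one DATA frame, validating the padding."""
    length, frame_type, flags, stream_id = parse_frame_header(buf)
    if frame_type != TYPE_DATA:
        raise ProtocolError(f"expected DATA frame, got type {frame_type:#x}")
    if stream_id == 0:
        raise ProtocolError("DATA frame on stream 0")
    payload = buf[FRAME_HEADER_LEN:FRAME_HEADER_LEN + length]
    if len(payload) != length:
        raise ProtocolError("frame payload shorter than declared length")
    if not flags & FLAG_PADDED:
        return payload
    if length == 0:
        raise ProtocolError("PADDED flag set on an empty payload")
    pad_length = payload[0]
    # RFC 7540 section 6.1: a Pad Length equal to or greater than the payload length is a
    # PROTOCOL_ERROR. Without this check, length - 1 - pad_length is negative, and a parser
    # that uses it as a size reads outside the frame buffer.
    if pad_length >= length:
        raise ProtocolError(f"pad length {pad_length} >= payload length {length}")
    return payload[1:length - pad_length]


def naive_data_length(buf: bytes) -> int:
    """The unchecked computation the padding rule exists to prevent (can go negative)."""
    length, _, flags, _ = parse_frame_header(buf)
    if not flags & FLAG_PADDED:
        return length
    return length - 1 - buf[FRAME_HEADER_LEN]


def rejects(frame: bytes) -> bool:
    """True if the hardened parser refuses the frame with a PROTOCOL_ERROR."""
    try:
        parse_data_frame(frame)
    except ProtocolError:
        return True
    return False


def build_data_frame(stream_id: int, data: bytes, pad_length: Optional[int] = None,
                     end_stream: bool = False) -> bytes:
    """Serialise a well-formed DATA frame (padding octets are zero, as the RFC requires)."""
    flags = FLAG_END_STREAM if end_stream else 0
    payload = data
    if pad_length is not None:
        flags |= FLAG_PADDED
        payload = bytes([pad_length]) + data + b"\x00" * pad_length
    header = (len(payload).to_bytes(3, "big") + bytes([TYPE_DATA, flags])
              + struct.pack(">I", stream_id & 0x7FFFFFFF))
    return header + payload


def build_malformed_padded_frame(stream_id: int, declared_pad: int) -> bytes:
    """Constructed hostile frame: declares far more padding than the payload contains."""
    payload = bytes([declared_pad]) + b"AB"
    header = (len(payload).to_bytes(3, "big") + bytes([TYPE_DATA, FLAG_PADDED])
              + struct.pack(">I", stream_id))
    return header + payload


if __name__ == "__main__":
    good = build_data_frame(1, b"hello", pad_length=4, end_stream=True)
    print(parse_data_frame(good))
    bad = build_malformed_padded_frame(1, 200)
    print(naive_data_length(bad))
    print("rejected" if rejects(bad) else "accepted")
```

The same shape of check applies to every padded frame type in HTTP/2 (HEADERS and PUSH_PROMISE carry the same Pad Length octet), and a fuzzing harness for an HTTP/2 client should always include frames whose declared padding exceeds the declared length.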
Currently, there is no code for exploiting the CVE-2017-5446 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1343505
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5455: The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5455 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1341191
- https://access.redhat.com/errata/RHSA-2017:1106
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5460: A use-after-free vulnerability in frame selection triggered by a combination of malicious script…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:21:00
Summary
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5460 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1343642
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-7749: A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell….
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T14:18:00
Summary
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7749 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-17/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1355039
- https://www.debian.org/security/2017/dsa-3918
- https://www.debian.org/security/2017/dsa-3881
- https://access.redhat.com/errata/RHSA-2017:1561
- https://access.redhat.com/errata/RHSA-2017:1440
- http://www.securitytracker.com/id/1038689
- http://www.securityfocus.com/bid/99057
CVE-2017-7753: An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line,…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T14:54:00
Summary
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7753 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1353312
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100315
CVE-2017-7784: A use-after-free vulnerability can occur when reading an image observer during frame…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T15:07:00
Summary
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7784 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1376087
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100202
CVE-2017-7786: A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T15:09:00
Summary
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7786 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1365189
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100206
CVE-2017-7793: A use-after-free vulnerability can occur in the Fetch API when the worker or the associated…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T16:14:00
Summary
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7793 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-23/
- https://www.mozilla.org/security/advisories/mfsa2017-22/
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1371889
- https://www.debian.org/security/2017/dsa-4014
- https://www.debian.org/security/2017/dsa-3987
- https://security.gentoo.org/glsa/201803-14
- https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
- https://access.redhat.com/errata/RHSA-2017:2885
- https://access.redhat.com/errata/RHSA-2017:2831
- http://www.securitytracker.com/id/1039465
- http://www.securityfocus.com/bid/101055
CVE-2017-7802: A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T15:14:00
Summary
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7802 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1378147
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100202
CVE-2017-7750: A use-after-free vulnerability during video control operations when a “
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T14:22:00
Summary
A use-after-free vulnerability during video control operations when a “
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7750 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-17/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1356558
- https://www.debian.org/security/2017/dsa-3918
- https://www.debian.org/security/2017/dsa-3881
- https://access.redhat.com/errata/RHSA-2017:1561
- https://access.redhat.com/errata/RHSA-2017:1440
- http://www.securitytracker.com/id/1038689
- http://www.securityfocus.com/bid/99057
CVE-2017-7751: A use-after-free vulnerability with content viewer listeners that results in a potentially…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T14:28:00
Summary
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7751 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-17/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1363396
- https://www.debian.org/security/2017/dsa-3918
- https://www.debian.org/security/2017/dsa-3881
- https://access.redhat.com/errata/RHSA-2017:1561
- https://access.redhat.com/errata/RHSA-2017:1440
- http://www.securitytracker.com/id/1038689
- http://www.securityfocus.com/bid/99057
CVE-2017-7752: A use-after-free vulnerability during specific user interactions with the input method editor…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T14:31:00
Summary
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7752 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-17/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1359547
- https://www.debian.org/security/2017/dsa-3918
- https://www.debian.org/security/2017/dsa-3881
- https://access.redhat.com/errata/RHSA-2017:1561
- https://access.redhat.com/errata/RHSA-2017:1440
- http://www.securitytracker.com/id/1038689
- http://www.securityfocus.com/bid/99057
CVE-2017-7807: A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7807 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1376459
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100242
CVE-2017-7809: A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T15:26:00
Summary
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7809 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1380284
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100203
CVE-2017-7754: An out-of-bounds read in WebGL with a maliciously crafted “ImageInfo” object during WebGL…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T14:31:00
Summary
An out-of-bounds read in WebGL with a maliciously crafted “ImageInfo” object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7754 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-17/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1357090
- https://www.debian.org/security/2017/dsa-3918
- https://www.debian.org/security/2017/dsa-3881
- https://access.redhat.com/errata/RHSA-2017:1561
- https://access.redhat.com/errata/RHSA-2017:1440
- http://www.securitytracker.com/id/1038689
- http://www.securityfocus.com/bid/99057
CVE-2017-7785: A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA)…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T15:09:00
Summary
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7785 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1356985
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100206
CVE-2017-7787: Same-origin policy protections can be bypassed on pages with embedded iframes during page…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T15:10:00
Summary
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7787 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1322896
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100234
CVE-2017-7791: On pages containing an iframe, the “data:” protocol can be used to create a modal alert that will…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T15:11:00
Summary
On pages containing an iframe, the “data:” protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7791 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1365875
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100240
CVE-2017-7792: A buffer overflow will occur when viewing a certificate in the certificate manager if the…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T15:12:00
Summary
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7792 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1368652
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100206
CVE-2017-7798: The Developer Tools feature suffers from a XUL injection vulnerability due to improper…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T16:16:00
Summary
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7798 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1371586%2C1372112
- https://www.debian.org/security/2017/dsa-3928
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100198
CVE-2017-7800: A use-after-free vulnerability can occur in WebSockets when the object holding the connection is…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T15:13:00
Summary
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7800 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1374047
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100196
CVE-2017-7801: A use-after-free vulnerability can occur while re-computing layout for a “marquee” element during…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T15:14:00
Summary
A use-after-free vulnerability can occur while re-computing layout for a “marquee” element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7801 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1371259
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100197
CVE-2017-7848: RSS fields can inject new lines into the created email structure, modifying the message body….
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T13:41:00
Summary
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.
Common Weakness Enumeration (CWE): CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
CWE Description: The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7848 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-30/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411699
- https://www.debian.org/security/2017/dsa-4075
- https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html
- https://access.redhat.com/errata/RHSA-2018:0061
- http://www.securitytracker.com/id/1040123
- http://www.securityfocus.com/bid/102258
CVE-2018-5095: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on…
Published: 2018-06-11T21:29:00 Last Modified: 2020-08-24T17:37:00
Summary
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Common Weakness Enumeration (CWE): CWE-908: Use of Uninitialized Resource
CWE Description: The software uses or accesses a resource that has not been initialized.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5095 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1418447
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://usn.ubuntu.com/3544-1/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0262
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securitytracker.com/id/1040270
- http://www.securityfocus.com/bid/102783
CVE-2018-5091: A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T16:29:00
Summary
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5091 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1423086
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://usn.ubuntu.com/3544-1/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securitytracker.com/id/1040270
- http://www.securityfocus.com/bid/102783
CVE-2018-5096: A use-after-free vulnerability can occur while editing events in form elements on a page,…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T12:46:00
Summary
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5096 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1418922
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0262
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securityfocus.com/bid/102771
CVE-2018-5117: If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5117 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1395508
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://usn.ubuntu.com/3544-1/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0262
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securitytracker.com/id/1040270
- http://www.securityfocus.com/bid/102783
CVE-2018-5184: Using remote content in encrypted messages can lead to the disclosure of plaintext. This…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-13T14:23:00
Summary
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Common Weakness Enumeration (CWE): CWE-326: Inadequate Encryption Strength
CWE Description: The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5184 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411592
- https://www.debian.org/security/2018/dsa-4209
- https://usn.ubuntu.com/3660-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- http://www.securitytracker.com/id/1040946
- http://www.securityfocus.com/bid/104240
- https://security.gentoo.org/glsa/201811-13
CVE-2016-9901: HTML tags received from the Pocket server will be processed without sanitization and any…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-01T13:43:00
Summary
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the “about:pocket-saved” (unprivileged) page, giving it access to Pocket’s messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9901 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1320057
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037461
- http://www.securityfocus.com/bid/94885
- http://rhn.redhat.com/errata/RHSA-2016-2973.html
- http://rhn.redhat.com/errata/RHSA-2016-2946.html
CVE-2017-7824: A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library,…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T16:25:00
Summary
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7824 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-23/
- https://www.mozilla.org/security/advisories/mfsa2017-22/
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1398381
- https://www.debian.org/security/2017/dsa-4014
- https://www.debian.org/security/2017/dsa-3987
- https://security.gentoo.org/glsa/201803-14
- https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
- https://access.redhat.com/errata/RHSA-2017:2885
- https://access.redhat.com/errata/RHSA-2017:2831
- http://www.securitytracker.com/id/1039465
- http://www.securityfocus.com/bid/101053
CVE-2017-7829: It is possible to spoof the sender’s email address and display an arbitrary sender address to the…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T12:28:00
Summary
It is possible to spoof the sender’s email address and display an arbitrary sender address to the email recipient. The real sender’s address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7829 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-30/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1423432
- https://www.debian.org/security/2017/dsa-4075
- https://usn.ubuntu.com/3529-1/
- https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html
- https://access.redhat.com/errata/RHSA-2018:0061
- http://www.securitytracker.com/id/1040123
- http://www.securityfocus.com/bid/102258
CVE-2017-7847: Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name….
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T12:32:00
Summary
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain the user name. This vulnerability affects Thunderbird < 52.5.2.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7847 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-30/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411708
- https://www.debian.org/security/2017/dsa-4075
- https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html
- https://access.redhat.com/errata/RHSA-2018:0061
- http://www.securitytracker.com/id/1040123
- http://www.securityfocus.com/bid/102258
CVE-2016-9905: A potentially exploitable crash in “EnumerateSubDocuments” while adding or removing sub-…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T15:14:00
Summary
A potentially exploitable crash in “EnumerateSubDocuments” while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
Common Weakness Enumeration (CWE): CWE-284: Improper Access Control
CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9905 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2016-96/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293985
- https://www.debian.org/security/2017/dsa-3757
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037462
- http://www.securityfocus.com/bid/94884
- http://rhn.redhat.com/errata/RHSA-2016-2973.html
- http://rhn.redhat.com/errata/RHSA-2016-2946.html
CVE-2016-9904: An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-01T13:37:00
Summary
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9904 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2016-96/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1317936
- https://www.debian.org/security/2017/dsa-3757
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037461
- http://www.securityfocus.com/bid/94885
- http://rhn.redhat.com/errata/RHSA-2016-2946.html
CVE-2016-9902: The Pocket toolbar button, once activated, listens for events fired from its own pages but does…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T16:39:00
Summary
The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error
CWE Description: The software does not properly verify that the source of data or communication is valid.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9902 vulnerability.
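The origin-validation failure described for CVE-2016-9902 is the general CWE-346 pattern: a privileged listener dispatches on messages without checking where they came from. The following is an added example written for this page, not Firefox or Pocket code. It puts a vulnerable handler beside a hardened one and runs both over constructed events; the trusted origin, the command table and the event shape are assumptions.

```javascript
// Added example (not Firefox/Pocket code) of the CWE-346 pattern behind
// CVE-2016-9902: a privileged listener that any web content can send
// events to. The vulnerable version trusts every event; the hardened
// version accepts only events whose origin is on an explicit allow-list.

// Origins the privileged context is willing to take commands from.
// Assumed value for the example; must be exact origins, not prefixes.
const TRUSTED_ORIGINS = new Set(["https://getpocket.example"]);

// Commands the privileged context knows how to run. An explicit table
// also stops callers from naming arbitrary functions.
const COMMANDS = {
  "save-url": (state, payload) => { state.saved.push(payload.url); },
  "set-token": (state, payload) => { state.token = payload.token; },
};

// Vulnerable: dispatches on any incoming event, regardless of origin.
function handleVulnerable(state, event) {
  const handler = COMMANDS[event.data && event.data.command];
  if (!handler) return false;
  handler(state, event.data);
  return true;
}

// Hardened: verify the origin before touching anything in event.data.
function handleHardened(state, event) {
  if (typeof event.origin !== "string" || !TRUSTED_ORIGINS.has(event.origin)) {
    return false;                 // drop silently; never fall through
  }
  const handler = COMMANDS[event.data && event.data.command];
  if (!handler) return false;
  handler(state, event.data);
  return true;
}

// Minimal stand-in for a MessageEvent, built from constructed data.
function makeEvent(origin, data) {
  return { origin, data };
}

function newState() {
  return { saved: [], token: null };
}

// Run both handlers over the same constructed sequence of events and
// return the resulting states so the difference can be inspected.
function demo() {
  const legit = makeEvent("https://getpocket.example",
    { command: "save-url", url: "https://a.example/" });
  const hostile = makeEvent("https://attacker.example",
    { command: "set-token", token: "attacker-controlled" });

  const v = newState();
  handleVulnerable(v, legit);
  handleVulnerable(v, hostile);   // accepted: token overwritten

  const h = newState();
  handleHardened(h, legit);
  handleHardened(h, hostile);     // rejected: token untouched

  return { vulnerable: v, hardened: h };
}

console.log(JSON.stringify(demo()));
```

In a real page the hardened handler is wired up as `window.addEventListener("message", ev => handleHardened(state, ev))`. The check on `event.origin` has to come before anything in `event.data` is read, and the allow-list should be exact-match origins rather than prefix or substring comparisons.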
References
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1320039
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037461
- http://www.securityfocus.com/bid/94885
- http://rhn.redhat.com/errata/RHSA-2016-2973.html
- http://rhn.redhat.com/errata/RHSA-2016-2946.html
CVE-2017-5434: A use-after-free vulnerability occurs when redirecting focus handling which results in a…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:00:00
Summary
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5434 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1349946
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5459: A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T18:20:00
Summary
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5459 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1333858
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5373: Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-02T19:34:00
Summary
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of them could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5373 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-03/
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3771
- https://security.gentoo.org/glsa/201702-22
- https://security.gentoo.org/glsa/201702-13
- http://www.securitytracker.com/id/1037693
- http://www.securityfocus.com/bid/95762
- http://rhn.redhat.com/errata/RHSA-2017-0238.html
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
CVE-2017-5400: JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T12:56:00
Summary
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5400 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1334933
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3805
- https://security.gentoo.org/glsa/201705-07
- https://security.gentoo.org/glsa/201705-06
- http://www.securitytracker.com/id/1037966
- http://www.securityfocus.com/bid/96654
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
CVE-2017-5375: JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-02T19:35:00
Summary
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 3)
Code designed for conducting penetration testing on CVE-2017-5375 vulnerability.
- Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution by Rh0 at 2018-03-16
- Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution by Rh0 at 2018-03-16
- Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution by Rh0 at 2017-07-14
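Both CVE-2017-5400 and CVE-2017-5375 describe JIT-spray through asm.js: an asm.js module packed with attacker-chosen constants is compiled into executable memory at predictable addresses, which is what undermines ASLR and DEP. The block below is a static triage heuristic added for this page; it is not the page's own code and is not taken from the exploits listed above. It pulls out `"use asm"` modules and flags those dense with large integer literals. The thresholds, the literal pattern and the sample inputs are assumptions and constructed data: legitimate asm.js code (codecs, physics engines) also carries constants, so hits are leads for manual review, not verdicts.

```javascript
// Added example, not from the page or from the exploits it lists. A static
// heuristic for the asm.js JIT-spray technique behind CVE-2017-5375 and
// CVE-2017-5400: a "use asm" module whose statements are mostly large
// integer constants, which the JIT emits as immediates in executable
// memory. All thresholds are assumptions; tune them on your own corpus.

const USE_ASM = /["']use asm["']\s*;/;
// 32-bit-sized literals in hex or decimal; small constants are ignored.
const LITERAL = /\b(0x[0-9a-f]{5,8}|\d{7,10})\b/gi;

// Return the source of every function body that starts with "use asm".
// Brace matching is approximate (it ignores braces inside strings and
// comments), which is adequate for triage.
function extractAsmModules(src) {
  const modules = [];
  let idx = 0;
  for (;;) {
    const m = USE_ASM.exec(src.slice(idx));
    if (!m) break;
    const start = idx + m.index;
    const open = src.lastIndexOf("{", start);   // enclosing function's brace
    if (open < 0) break;
    let depth = 0, end = -1;
    for (let i = open; i < src.length; i++) {
      if (src[i] === "{") depth++;
      else if (src[i] === "}" && --depth === 0) { end = i; break; }
    }
    if (end < 0) break;
    modules.push(src.slice(open, end + 1));
    idx = end + 1;
  }
  return modules;
}

// Score one module: number of large literals and literals per statement.
function scoreModule(body) {
  const literals = body.match(LITERAL) || [];
  const statements = Math.max(1, (body.match(/;/g) || []).length);
  return { literals: literals.length, density: literals.length / statements };
}

// Flag a script when any asm.js module exceeds the assumed thresholds.
function looksLikeJitSpray(src, minLiterals = 64, minDensity = 0.5) {
  return extractAsmModules(src).some((body) => {
    const s = scoreModule(body);
    return s.literals >= minLiterals && s.density >= minDensity;
  });
}

// Constructed inputs (not real payloads): a module that repeats one large
// constant the way a spray would, and a benign asm.js module.
function sprayLikeSample(n = 200) {
  let lines = "";
  for (let i = 0; i < n; i++) lines += "  v = (v + 0xa8909090) | 0;\n";
  return "function m(stdlib) {\n  \"use asm\";\n  function f() {\n  var v = 0;\n"
    + lines + "  return v | 0;\n  }\n  return { f: f };\n}";
}
const BENIGN_SAMPLE =
  "function m(stdlib) {\n  \"use asm\";\n"
  + "  function add(a, b) { a = a | 0; b = b | 0; return (a + b) | 0; }\n"
  + "  return { add: add };\n}";

console.log("spray-like:", looksLikeJitSpray(sprayLikeSample()),
            "benign:", looksLikeJitSpray(BENIGN_SAMPLE));
```

The gating on `"use asm"` is deliberate: a plain JavaScript lookup table full of 32-bit constants is not compiled ahead of time the way an asm.js module is, so the heuristic ignores it. Run the scanner over scripts recovered from proxy logs or a crawl to find candidate delivery pages, then confirm by hand.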
References
- https://www.mozilla.org/security/advisories/mfsa2017-03/
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1325200
- https://www.exploit-db.com/exploits/44294/
- https://www.exploit-db.com/exploits/44293/
- https://www.exploit-db.com/exploits/42327/
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3771
- https://security.gentoo.org/glsa/201702-22
- https://security.gentoo.org/glsa/201702-13
- http://www.securitytracker.com/id/1037693
- http://www.securityfocus.com/bid/95757
- http://rhn.redhat.com/errata/RHSA-2017-0238.html
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
CVE-2017-5467: A potential memory corruption and crash when using Skia content when drawing content outside of…
Published: 2018-06-11T21:29:00 Last Modified: 2018-07-30T15:00:00
Summary
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5467 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1347262
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5429: Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T17:53:00
Summary
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of them could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5429 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C
- https://www.debian.org/security/2017/dsa-3831
- https://access.redhat.com/errata/RHSA-2017:1201
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1104
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5430: Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T15:28:00
Summary
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of them could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5430 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722
- https://access.redhat.com/errata/RHSA-2017:1106
- http://www.securitytracker.com/id/1038320
- http://www.securityfocus.com/bid/97940
CVE-2017-5398: Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-01T12:05:00
Summary
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of them could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-5398 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510
- https://www.debian.org/security/2017/dsa-3832
- https://www.debian.org/security/2017/dsa-3805
- https://security.gentoo.org/glsa/201705-07
- https://security.gentoo.org/glsa/201705-06
- http://www.securitytracker.com/id/1037966
- http://www.securityfocus.com/bid/96651
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
CVE-2017-7762: When entered directly, Reader Mode did not strip the username and password section of URLs…
Published: 2018-06-11T21:29:00 Last Modified: 2018-07-30T15:23:00
Summary
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7762 vulnerability.
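CVE-2017-7762 is a display problem: the userinfo part of a URL (`user:pass@`) is shown in the address bar as if it were the host, so `https://bank.example:login@attacker.example/` reads as a bank page. The added example below is written for this page and is not Firefox code. It unwraps a Reader Mode URL and compares the naive display with one that strips credentials with the WHATWG URL parser. It assumes Reader Mode URLs have the form `about:reader?url=<percent-encoded URL>`; the sample URLs are constructed.

```javascript
// Added example, not Firefox code. Shows what an address bar must not
// display: a URL whose userinfo section impersonates another domain.
// Assumption: Reader Mode wraps the page URL as
// about:reader?url=<percent-encoded URL>.

const READER_PREFIX = "about:reader?";

// Unwrap an about:reader URL to the page URL it displays, or return the
// input unchanged when it is not a reader URL.
function unwrapReaderUrl(raw) {
  if (!raw.startsWith(READER_PREFIX)) return raw;
  const params = new URLSearchParams(raw.slice(READER_PREFIX.length));
  return params.get("url") || raw;
}

// What a naive display shows: the raw string, credentials included.
function displayNaive(raw) {
  return unwrapReaderUrl(raw);
}

// Hardened display: parse with the WHATWG URL parser, drop username and
// password, and return the serialisation that names the real host.
// Returns null for anything that does not parse as a URL.
function displayStripped(raw) {
  let u;
  try {
    u = new URL(unwrapReaderUrl(raw));
  } catch (e) {
    return null;
  }
  u.username = "";
  u.password = "";
  return u.href;
}

// Which host is the user actually talking to?
function effectiveHost(raw) {
  try {
    return new URL(unwrapReaderUrl(raw)).hostname;
  } catch (e) {
    return null;
  }
}

// Constructed spoof: the userinfo looks like a bank, the host is not.
const SPOOF = READER_PREFIX + "url=" +
  encodeURIComponent("https://bank.example:login@attacker.example/statement");

console.log("naive   :", displayNaive(SPOOF));
console.log("stripped:", displayStripped(SPOOF));
console.log("host    :", effectiveHost(SPOOF));
```

The same rule applies to any UI that echoes a URL (status bar, link previews, mail clients): strip userinfo before display, and base trust decisions on `hostname` as returned by the parser rather than on the leading characters of the string.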
References
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1358248
- http://www.securitytracker.com/id/1038689
- http://www.securityfocus.com/bid/99047
- https://access.redhat.com/errata/RHSA-2018:2113
- https://access.redhat.com/errata/RHSA-2018:2112
CVE-2017-7779: Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-01T12:04:00
Summary
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of them could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7779 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100201
CVE-2017-7758: An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T14:39:00
Summary
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7758 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-17/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1368490
- https://www.debian.org/security/2017/dsa-3918
- https://www.debian.org/security/2017/dsa-3881
- https://access.redhat.com/errata/RHSA-2017:1561
- https://access.redhat.com/errata/RHSA-2017:1440
- http://www.securitytracker.com/id/1038689
- http://www.securityfocus.com/bid/99057
CVE-2017-7810: Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-01T12:05:00
Summary
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of them could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7810 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-23/
- https://www.mozilla.org/security/advisories/mfsa2017-22/
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598
- https://www.debian.org/security/2017/dsa-4014
- https://www.debian.org/security/2017/dsa-3987
- https://security.gentoo.org/glsa/201803-14
- https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
- https://access.redhat.com/errata/RHSA-2017:2885
- https://access.redhat.com/errata/RHSA-2017:2831
- http://www.securitytracker.com/id/1039465
- http://www.securityfocus.com/bid/101054
- https://usn.ubuntu.com/3688-1/
CVE-2017-7826: Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-01T12:06:00
Summary
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of them could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7826 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-26/
- https://www.mozilla.org/security/advisories/mfsa2017-25/
- https://www.mozilla.org/security/advisories/mfsa2017-24/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804
- https://www.debian.org/security/2017/dsa-4075
- https://www.debian.org/security/2017/dsa-4061
- https://www.debian.org/security/2017/dsa-4035
- https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html
- https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html
- https://access.redhat.com/errata/RHSA-2017:3372
- https://access.redhat.com/errata/RHSA-2017:3247
- http://www.securitytracker.com/id/1039803
- http://www.securityfocus.com/bid/101832
- https://usn.ubuntu.com/3688-1/
CVE-2017-7830: The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7830 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-26/
- https://www.mozilla.org/security/advisories/mfsa2017-25/
- https://www.mozilla.org/security/advisories/mfsa2017-24/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1408990
- https://www.debian.org/security/2017/dsa-4075
- https://www.debian.org/security/2017/dsa-4061
- https://www.debian.org/security/2017/dsa-4035
- https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html
- https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html
- https://access.redhat.com/errata/RHSA-2017:3372
- https://access.redhat.com/errata/RHSA-2017:3247
- http://www.securitytracker.com/id/1039803
- http://www.securityfocus.com/bid/101832
CVE-2017-7846: It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website,…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-07T12:35:00
Summary
It is possible to execute JavaScript in the parsed RSS feed when an RSS feed is viewed as a website, e.g. via “View -> Feed article -> Website” or in the standard format of “View -> Feed article -> default format”. This vulnerability affects Thunderbird < 52.5.2.
Common Weakness Enumeration (CWE): CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
CWE Description: The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7846 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-30/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411716
- https://www.debian.org/security/2017/dsa-4075
- https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html
- https://access.redhat.com/errata/RHSA-2018:0061
- http://www.securitytracker.com/id/1040123
- http://www.securityfocus.com/bid/102258
CVE-2017-7803: When a page’s content security policy (CSP) header contains a “sandbox” directive, other…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
When a page’s content security policy (CSP) header contains a “sandbox” directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management
CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7803 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1377426
- https://www.debian.org/security/2017/dsa-3968
- https://www.debian.org/security/2017/dsa-3928
- https://security.gentoo.org/glsa/201803-14
- https://access.redhat.com/errata/RHSA-2017:2534
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securitytracker.com/id/1039124
- http://www.securityfocus.com/bid/100234
CVE-2017-7819: A use-after-free vulnerability can occur in design mode when image objects are resized if objects…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T16:23:00
Summary
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7819 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-23/
- https://www.mozilla.org/security/advisories/mfsa2017-22/
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1380292
- https://www.debian.org/security/2017/dsa-4014
- https://www.debian.org/security/2017/dsa-3987
- https://security.gentoo.org/glsa/201803-14
- https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
- https://access.redhat.com/errata/RHSA-2017:2885
- https://access.redhat.com/errata/RHSA-2017:2831
- http://www.securitytracker.com/id/1039465
- http://www.securityfocus.com/bid/101055
CVE-2017-7843: When Private Browsing mode is used, it is possible for a web worker to write persistent data to…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-06T16:35:00
Summary
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7843 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-28/
- https://www.mozilla.org/security/advisories/mfsa2017-27/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
- https://www.debian.org/security/2017/dsa-4062
- https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html
- https://access.redhat.com/errata/RHSA-2017:3382
- http://www.securitytracker.com/id/1039954
- http://www.securityfocus.com/bid/102112
- http://www.securityfocus.com/bid/102039
CVE-2017-7814: File downloads encoded with “blob:” and “data:” URL elements bypassed normal file download checks…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-06T16:28:00
Summary
File downloads encoded with “blob:” and “data:” URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7814 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-23/
- https://www.mozilla.org/security/advisories/mfsa2017-22/
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1376036
- https://www.debian.org/security/2017/dsa-4014
- https://www.debian.org/security/2017/dsa-3987
- https://security.gentoo.org/glsa/201803-14
- https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
- https://access.redhat.com/errata/RHSA-2017:2885
- https://access.redhat.com/errata/RHSA-2017:2831
- http://www.securitytracker.com/id/1039465
- http://www.securityfocus.com/bid/101059
CVE-2017-7818: A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T16:17:00
Summary
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7818 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-23/
- https://www.mozilla.org/security/advisories/mfsa2017-22/
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1363723
- https://www.debian.org/security/2017/dsa-4014
- https://www.debian.org/security/2017/dsa-3987
- https://security.gentoo.org/glsa/201803-14
- https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
- https://access.redhat.com/errata/RHSA-2017:2885
- https://access.redhat.com/errata/RHSA-2017:2831
- http://www.securitytracker.com/id/1039465
- http://www.securityfocus.com/bid/101055
CVE-2017-7823: The content security policy (CSP) “sandbox” directive did not create a unique origin for the…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T16:24:00
Summary
The content security policy (CSP) “sandbox” directive did not create a unique origin for the document, causing it to behave as if the “allow-same-origin” keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7823 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-23/
- https://www.mozilla.org/security/advisories/mfsa2017-22/
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1396320
- https://www.debian.org/security/2017/dsa-4014
- https://www.debian.org/security/2017/dsa-3987
- https://security.gentoo.org/glsa/201803-14
- https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
- https://access.redhat.com/errata/RHSA-2017:2885
- https://access.redhat.com/errata/RHSA-2017:2831
- http://www.securitytracker.com/id/1039465
- http://www.securityfocus.com/bid/101059
CVE-2017-7828: A use-after-free vulnerability can occur when flushing and resizing layout because the…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-02T20:18:00
Summary
A use-after-free vulnerability can occur when flushing and resizing layout because the “PressShell” object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-7828 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2017-26/
- https://www.mozilla.org/security/advisories/mfsa2017-25/
- https://www.mozilla.org/security/advisories/mfsa2017-24/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1412252
- https://bugzilla.mozilla.org/show_bug.cgi?id=1406750
- https://www.debian.org/security/2017/dsa-4075
- https://www.debian.org/security/2017/dsa-4061
- https://www.debian.org/security/2017/dsa-4035
- https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html
- https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html
- https://access.redhat.com/errata/RHSA-2017:3372
- https://access.redhat.com/errata/RHSA-2017:3247
- http://www.securitytracker.com/id/1039803
- http://www.securityfocus.com/bid/101832
CVE-2018-5098: A use-after-free vulnerability can occur when form input elements, focus, and selections are…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T16:55:00
Summary
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5098 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1399400
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://usn.ubuntu.com/3544-1/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0262
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securitytracker.com/id/1040270
- http://www.securityfocus.com/bid/102783
CVE-2018-5103: A use-after-free vulnerability can occur during mouse event handling due to issues with…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T16:56:00
Summary
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5103 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1423159
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://usn.ubuntu.com/3544-1/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0262
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securitytracker.com/id/1040270
- http://www.securityfocus.com/bid/102783
CVE-2018-5130: When packets with a mismatched RTP payload type are sent in WebRTC connections, in some…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-08T14:21:00
Summary
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5130 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-07/
- https://www.mozilla.org/security/advisories/mfsa2018-06/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1433005
- https://www.debian.org/security/2018/dsa-4139
- https://usn.ubuntu.com/3596-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
- https://access.redhat.com/errata/RHSA-2018:0527
- https://access.redhat.com/errata/RHSA-2018:0526
- http://www.securitytracker.com/id/1040514
- http://www.securityfocus.com/bid/103388
- https://security.gentoo.org/glsa/201810-01
CVE-2018-5159: An integer overflow can occur in the Skia library due to 32-bit integer use in an array without…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-11T16:06:00
Summary
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2018-5159 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://www.mozilla.org/security/advisories/mfsa2018-12/
- https://www.mozilla.org/security/advisories/mfsa2018-11/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1441941
- https://www.exploit-db.com/exploits/44759/
- https://www.debian.org/security/2018/dsa-4209
- https://www.debian.org/security/2018/dsa-4199
- https://usn.ubuntu.com/3660-1/
- https://usn.ubuntu.com/3645-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- https://access.redhat.com/errata/RHSA-2018:1415
- https://access.redhat.com/errata/RHSA-2018:1414
- http://www.securitytracker.com/id/1040896
- http://www.securityfocus.com/bid/104136
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5178: A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-11T15:20:00
Summary
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5178 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://www.mozilla.org/security/advisories/mfsa2018-12/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1443891
- https://www.debian.org/security/2018/dsa-4209
- https://www.debian.org/security/2018/dsa-4199
- https://usn.ubuntu.com/3660-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- https://access.redhat.com/errata/RHSA-2018:1415
- https://access.redhat.com/errata/RHSA-2018:1414
- http://www.securitytracker.com/id/1040898
- http://www.securityfocus.com/bid/104138
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5102: A use-after-free vulnerability can occur when manipulating HTML media elements with media…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T16:56:00
Summary
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5102 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1419363
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://usn.ubuntu.com/3544-1/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0262
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securitytracker.com/id/1040270
- http://www.securityfocus.com/bid/102783
CVE-2018-5170: It is possible to spoof the filename of an attachment and display an arbitrary attachment name….
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-13T13:43:00
Summary
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5170 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411732
- https://www.debian.org/security/2018/dsa-4209
- https://usn.ubuntu.com/3660-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- http://www.securitytracker.com/id/1040946
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5104: A use-after-free vulnerability can occur during font face manipulation when a font face is freed…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T16:57:00
Summary
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5104 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1425000
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://usn.ubuntu.com/3544-1/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0262
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securitytracker.com/id/1040270
- http://www.securityfocus.com/bid/102783
CVE-2018-5129: A lack of parameter validation on IPC messages results in a potential out-of-bounds write through…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-08T14:22:00
Summary
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5129 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-09/
- https://www.mozilla.org/security/advisories/mfsa2018-07/
- https://www.mozilla.org/security/advisories/mfsa2018-06/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1428947
- https://www.debian.org/security/2018/dsa-4155
- https://www.debian.org/security/2018/dsa-4139
- https://usn.ubuntu.com/3596-1/
- https://usn.ubuntu.com/3545-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
- https://access.redhat.com/errata/RHSA-2018:0648
- https://access.redhat.com/errata/RHSA-2018:0647
- https://access.redhat.com/errata/RHSA-2018:0527
- https://access.redhat.com/errata/RHSA-2018:0526
- http://www.securitytracker.com/id/1040514
- http://www.securityfocus.com/bid/103388
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5099: A use-after-free vulnerability can occur when the widget listener is holding strong references to…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T16:55:00
Summary
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5099 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1416878
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://usn.ubuntu.com/3544-1/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0262
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securitytracker.com/id/1040270
- http://www.securityfocus.com/bid/102783
CVE-2018-5125: Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-08T14:22:00
Summary
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5125 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-09/
- https://www.mozilla.org/security/advisories/mfsa2018-07/
- https://www.mozilla.org/security/advisories/mfsa2018-06/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520
- https://www.debian.org/security/2018/dsa-4155
- https://www.debian.org/security/2018/dsa-4139
- https://usn.ubuntu.com/3596-1/
- https://usn.ubuntu.com/3545-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
- https://access.redhat.com/errata/RHSA-2018:0648
- https://access.redhat.com/errata/RHSA-2018:0647
- https://access.redhat.com/errata/RHSA-2018:0527
- https://access.redhat.com/errata/RHSA-2018:0526
- http://www.securitytracker.com/id/1040514
- http://www.securityfocus.com/bid/103388
- https://usn.ubuntu.com/3688-1/
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5145: Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-13T13:44:00
Summary
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5145 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-09/
- https://www.mozilla.org/security/advisories/mfsa2018-07/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955
- https://www.debian.org/security/2018/dsa-4155
- https://www.debian.org/security/2018/dsa-4139
- https://usn.ubuntu.com/3545-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
- https://access.redhat.com/errata/RHSA-2018:0648
- https://access.redhat.com/errata/RHSA-2018:0647
- https://access.redhat.com/errata/RHSA-2018:0527
- https://access.redhat.com/errata/RHSA-2018:0526
- http://www.securitytracker.com/id/1040514
- http://www.securityfocus.com/bid/103384
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5155: A use-after-free vulnerability can occur while adjusting layout during SVG animations with text…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-11T16:44:00
Summary
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5155 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://www.mozilla.org/security/advisories/mfsa2018-12/
- https://www.mozilla.org/security/advisories/mfsa2018-11/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1448774
- https://www.debian.org/security/2018/dsa-4209
- https://www.debian.org/security/2018/dsa-4199
- https://usn.ubuntu.com/3660-1/
- https://usn.ubuntu.com/3645-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- https://access.redhat.com/errata/RHSA-2018:1415
- https://access.redhat.com/errata/RHSA-2018:1414
- http://www.securitytracker.com/id/1040896
- http://www.securityfocus.com/bid/104136
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5158: The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-13T13:44:00
Summary
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
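The weakness described above is a code-injection pattern rather than a memory bug: the viewer built executable JavaScript from the operands of a PostScript calculator function instead of treating them as data. The C program below is an added illustration of that pattern and of its remedy, not pdf.js's own code. `ps_to_js_unchecked` pastes calculator tokens into a JavaScript source string the way a naive compiler would, so a token that is neither a number nor an operator lands in the output as live script; `ps_eval` interprets the same calculator language on a bounded stack and rejects any token it cannot classify. The operator subset (`add`, `sub`, `mul`, `dup`), the 256-byte body limit and the sample payload are assumptions chosen for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY  256   /* assumed limit on a calculator function body */
#define STACK_MAX 32    /* assumed operand-stack depth */

/* Vulnerable pattern (illustration, not pdf.js): "compile" a PostScript
 * calculator body into JavaScript source by pasting each token into the
 * output. Tokens that are neither numbers nor known operators are copied
 * verbatim, so a token such as "1);alert(1);s.push(0" becomes live script
 * once the string is handed to new Function() or eval(). Returns 0 on success. */
int ps_to_js_unchecked(const char *body, char *js, size_t cap)
{
    char buf[MAX_BODY];
    if (strlen(body) >= sizeof buf || cap < 64) return -1;
    strcpy(buf, body);
    strcpy(js, "function(x){var s=[x];");
    for (char *tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t")) {
        char piece[MAX_BODY + 16];
        if (!strcmp(tok, "add"))      strcpy(piece, "s.push(s.pop()+s.pop());");
        else if (!strcmp(tok, "mul")) strcpy(piece, "s.push(s.pop()*s.pop());");
        else snprintf(piece, sizeof piece, "s.push(%s);", tok);  /* BUG: unvalidated */
        if (strlen(js) + strlen(piece) + 16 >= cap) return -1;
        strcat(js, piece);
    }
    strcat(js, "return s.pop();}");
    return 0;
}

/* Hardened pattern: never generate code from the input. Interpret the body on
 * a bounded stack, accepting only tokens that parse completely as a number or
 * match a whitelisted operator; anything else fails closed. Returns 0 on
 * success and leaves the single remaining stack value in *result. */
int ps_eval(const char *body, double x, double *result)
{
    double st[STACK_MAX];
    int sp = 0;
    char buf[MAX_BODY];
    if (strlen(body) >= sizeof buf) return -1;
    strcpy(buf, body);
    st[sp++] = x;                                   /* the function's input */
    for (char *tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t")) {
        char *end;
        double v = strtod(tok, &end);
        if (*end == '\0') {                         /* whole token is a number */
            if (sp >= STACK_MAX) return -1;
            st[sp++] = v;
        } else if (!strcmp(tok, "add") || !strcmp(tok, "sub") || !strcmp(tok, "mul")) {
            if (sp < 2) return -1;
            double b = st[--sp], a = st[--sp];
            st[sp++] = tok[0] == 'a' ? a + b : tok[0] == 's' ? a - b : a * b;
        } else if (!strcmp(tok, "dup")) {
            if (sp < 1 || sp >= STACK_MAX) return -1;
            st[sp] = st[sp - 1];
            sp++;
        } else {
            return -1;                              /* unknown token: reject, never paste */
        }
    }
    if (sp != 1) return -1;
    *result = st[0];
    return 0;
}

int main(void)
{
    /* Constructed sample: a legitimate "2 mul 1 add" body with one hostile token. */
    const char *hostile = "2 mul 1);alert(1);s.push(0";
    char js[512];
    double r;
    if (ps_to_js_unchecked(hostile, js, sizeof js) == 0)
        printf("generated: %s\n", js);            /* contains alert(1) */
    printf("interpreter: %s\n", ps_eval(hostile, 3.0, &r) == 0 ? "accepted" : "rejected");
    if (ps_eval("2 mul 1 add", 3.0, &r) == 0)
        printf("f(3) = %g\n", r);                   /* 7 */
    return 0;
}
```

The point of the contrast is that the interpreter has no code path in which input text reaches an execution engine; validation happens per token, and partial numeric parses (`1)`, `1e`) are treated as unknown tokens rather than best-effort numbers.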
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5158 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-12/
- https://www.mozilla.org/security/advisories/mfsa2018-11/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1452075
- https://www.debian.org/security/2018/dsa-4199
- https://usn.ubuntu.com/3645-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
- https://access.redhat.com/errata/RHSA-2018:1415
- https://access.redhat.com/errata/RHSA-2018:1414
- http://www.securitytracker.com/id/1040896
- http://www.securityfocus.com/bid/104136
- https://security.gentoo.org/glsa/201810-01
CVE-2018-5097: A use-after-free vulnerability can occur during XSL transformations when the source document for…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T16:55:00
Summary
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5097 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1387427
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://usn.ubuntu.com/3544-1/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0262
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securitytracker.com/id/1040270
- http://www.securityfocus.com/bid/102783
CVE-2018-5162: Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Common Weakness Enumeration (CWE): CWE-311: Missing Encryption of Sensitive Data
CWE Description: The software does not encrypt sensitive or critical information before storage or transmission.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5162 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1457721
- https://www.debian.org/security/2018/dsa-4209
- https://usn.ubuntu.com/3660-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- http://www.securitytracker.com/id/1040946
- http://www.securityfocus.com/bid/104240
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5183: Mozilla developers backported selected changes in the Skia library. These changes correct memory…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-13T13:24:00
Summary
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5183 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://www.mozilla.org/security/advisories/mfsa2018-12/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1454692
- https://www.debian.org/security/2018/dsa-4209
- https://www.debian.org/security/2018/dsa-4199
- https://usn.ubuntu.com/3660-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- https://access.redhat.com/errata/RHSA-2018:1415
- https://access.redhat.com/errata/RHSA-2018:1414
- http://www.securitytracker.com/id/1040898
- http://www.securityfocus.com/bid/104138
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5154: A use-after-free vulnerability can occur while enumerating attributes during SVG animations with…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-11T16:51:00
Summary
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5154 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://www.mozilla.org/security/advisories/mfsa2018-12/
- https://www.mozilla.org/security/advisories/mfsa2018-11/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1443092
- https://www.debian.org/security/2018/dsa-4209
- https://www.debian.org/security/2018/dsa-4199
- https://usn.ubuntu.com/3660-1/
- https://usn.ubuntu.com/3645-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- https://access.redhat.com/errata/RHSA-2018:1415
- https://access.redhat.com/errata/RHSA-2018:1414
- http://www.securitytracker.com/id/1040896
- http://www.securityfocus.com/bid/104136
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5089: Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-03T16:53:00
Summary
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5089 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-04/
- https://www.mozilla.org/security/advisories/mfsa2018-03/
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612
- https://www.debian.org/security/2018/dsa-4102
- https://www.debian.org/security/2018/dsa-4096
- https://usn.ubuntu.com/3544-1/
- https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
- https://access.redhat.com/errata/RHSA-2018:0262
- https://access.redhat.com/errata/RHSA-2018:0122
- http://www.securitytracker.com/id/1040270
- http://www.securityfocus.com/bid/102783
- https://usn.ubuntu.com/3688-1/
CVE-2018-5168: Sites can bypass security checks on permissions to install lightweight themes by manipulating the…
Published: 2018-06-11T21:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Sites can bypass security checks on permissions to install lightweight themes by manipulating the “baseURI” property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5168 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://www.mozilla.org/security/advisories/mfsa2018-12/
- https://www.mozilla.org/security/advisories/mfsa2018-11/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1449548
- https://www.debian.org/security/2018/dsa-4209
- https://www.debian.org/security/2018/dsa-4199
- https://usn.ubuntu.com/3660-1/
- https://usn.ubuntu.com/3645-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- https://access.redhat.com/errata/RHSA-2018:1415
- https://access.redhat.com/errata/RHSA-2018:1414
- http://www.securitytracker.com/id/1040896
- http://www.securityfocus.com/bid/104136
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5185: Plaintext of decrypted emails can leak through by user submitting an embedded form. This…
Published: 2018-06-11T21:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Plaintext of decrypted emails can leak when the user submits an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Common Weakness Enumeration (CWE): CWE-311: Missing Encryption of Sensitive Data
CWE Description: The software does not encrypt sensitive or critical information before storage or transmission.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5185 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1450345
- https://www.debian.org/security/2018/dsa-4209
- https://usn.ubuntu.com/3660-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- http://www.securitytracker.com/id/1040946
- http://www.securityfocus.com/bid/104240
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5150: Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-13T13:44:00
Summary
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5150 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://www.mozilla.org/security/advisories/mfsa2018-12/
- https://www.mozilla.org/security/advisories/mfsa2018-11/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129
- https://www.debian.org/security/2018/dsa-4209
- https://www.debian.org/security/2018/dsa-4199
- https://usn.ubuntu.com/3660-1/
- https://usn.ubuntu.com/3645-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- https://access.redhat.com/errata/RHSA-2018:1415
- https://access.redhat.com/errata/RHSA-2018:1414
- http://www.securitytracker.com/id/1040896
- http://www.securityfocus.com/bid/104136
- https://usn.ubuntu.com/3688-1/
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5127: A buffer overflow can occur when manipulating the SVG “animatedPathSegList” through script. This…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-08T14:22:00
Summary
A buffer overflow can occur when manipulating the SVG “animatedPathSegList” through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5127 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-09/
- https://www.mozilla.org/security/advisories/mfsa2018-07/
- https://www.mozilla.org/security/advisories/mfsa2018-06/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1430557
- https://www.debian.org/security/2018/dsa-4155
- https://www.debian.org/security/2018/dsa-4139
- https://usn.ubuntu.com/3596-1/
- https://usn.ubuntu.com/3545-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
- https://access.redhat.com/errata/RHSA-2018:0648
- https://access.redhat.com/errata/RHSA-2018:0647
- https://access.redhat.com/errata/RHSA-2018:0527
- https://access.redhat.com/errata/RHSA-2018:0526
- http://www.securitytracker.com/id/1040514
- http://www.securityfocus.com/bid/103388
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5131: Under certain circumstances the “fetch()” API can return transient local copies of resources that…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-08T14:21:00
Summary
Under certain circumstances the “fetch()” API can return transient local copies of resources that were sent with a “no-store” or “no-cache” cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5131 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-07/
- https://www.mozilla.org/security/advisories/mfsa2018-06/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1440775
- https://www.debian.org/security/2018/dsa-4139
- https://usn.ubuntu.com/3596-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
- https://access.redhat.com/errata/RHSA-2018:0527
- https://access.redhat.com/errata/RHSA-2018:0526
- http://www.securitytracker.com/id/1040514
- http://www.securityfocus.com/bid/103388
- https://security.gentoo.org/glsa/201810-01
CVE-2018-5144: An integer overflow can occur during conversion of text to some Unicode character sets due to an…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-08T14:21:00
Summary
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
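An unchecked length multiplied by a per-character expansion factor is the usual way this kind of overflow enters a text converter: the product wraps, the output buffer is allocated far too small, and the conversion loop then writes past its end. The C program below is an added example of that pattern and of the hardened form, not Mozilla's converter code. It shows the wrapping 32-bit multiply beside a version that detects the wrap with `__builtin_mul_overflow` (GCC/Clang) and fails closed. The 4-byte UTF-32 expansion factor, the 32-bit length type and the Latin-1 source encoding are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define UNITS_PER_CHAR 4u   /* assumed: UTF-32 output, 4 bytes per input byte */

/* Vulnerable sizing: a 32-bit multiply with no overflow check. For a length of
 * 0x40000001 the product wraps to 4, so a caller would allocate 4 bytes and
 * the conversion loop would then write about 4 GiB past the end of it. */
uint32_t unchecked_output_size(uint32_t len)
{
    return len * UNITS_PER_CHAR;                 /* wraps silently */
}

/* Hardened sizing: the wrap is detected and reported instead of ignored.
 * Returns 0 and stores the byte count on success, -1 on overflow. */
int checked_output_size(uint32_t len, uint32_t *bytes)
{
    return __builtin_mul_overflow(len, UNITS_PER_CHAR, bytes) ? -1 : 0;
}

/* Converts Latin-1 bytes to UTF-32 code points. The output buffer is sized
 * with the checked helper, so an overflowing length yields NULL instead of
 * an undersized buffer. On success the caller owns the returned buffer and
 * *out_bytes holds its size. */
uint32_t *latin1_to_utf32(const unsigned char *in, uint32_t len, uint32_t *out_bytes)
{
    uint32_t bytes;
    if (checked_output_size(len, &bytes) != 0)
        return NULL;                              /* fail closed on wrap */
    uint32_t *out = malloc(bytes ? bytes : 1);
    if (!out)
        return NULL;
    for (uint32_t i = 0; i < len; i++)
        out[i] = in[i];                           /* Latin-1 maps 1:1 onto U+0000..U+00FF */
    *out_bytes = bytes;
    return out;
}

int main(void)
{
    const unsigned char sample[] = { 0x41, 0xE9 };   /* constructed input: "A", "é" */
    uint32_t n, bytes;
    printf("unchecked size for 0x40000001 units: %u bytes\n", unchecked_output_size(0x40000001u));
    printf("checked size for 0x40000001 units: %s\n",
           checked_output_size(0x40000001u, &bytes) == 0 ? "ok" : "overflow rejected");
    uint32_t *cps = latin1_to_utf32(sample, 2, &n);
    if (cps) {
        printf("converted %u bytes: U+%04X U+%04X\n", n, cps[0], cps[1]);
        free(cps);
    }
    return 0;
}
```

Where a compiler builtin is not available, the same check can be written as `len > UINT32_MAX / UNITS_PER_CHAR` before the multiply; what matters is that the comparison happens on the operands, not on the already-wrapped product.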
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5144 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-09/
- https://www.mozilla.org/security/advisories/mfsa2018-07/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1440926
- https://www.debian.org/security/2018/dsa-4155
- https://www.debian.org/security/2018/dsa-4139
- https://usn.ubuntu.com/3545-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
- https://access.redhat.com/errata/RHSA-2018:0648
- https://access.redhat.com/errata/RHSA-2018:0647
- https://access.redhat.com/errata/RHSA-2018:0527
- https://access.redhat.com/errata/RHSA-2018:0526
- http://www.securitytracker.com/id/1040514
- http://www.securityfocus.com/bid/103384
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5146: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-11T19:33:00
Summary
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5146 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-09/
- https://www.mozilla.org/security/advisories/mfsa2018-08/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
- https://www.debian.org/security/2018/dsa-4155
- https://www.debian.org/security/2018/dsa-4143
- https://www.debian.org/security/2018/dsa-4140
- https://usn.ubuntu.com/3604-1/
- https://usn.ubuntu.com/3599-1/
- https://usn.ubuntu.com/3545-1/
- https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html
- https://access.redhat.com/errata/RHSA-2018:1058
- https://access.redhat.com/errata/RHSA-2018:0649
- https://access.redhat.com/errata/RHSA-2018:0648
- https://access.redhat.com/errata/RHSA-2018:0647
- https://access.redhat.com/errata/RHSA-2018:0549
- http://www.securitytracker.com/id/1040544
- http://www.securityfocus.com/bid/103432
- https://security.gentoo.org/glsa/201811-13
CVE-2018-5148: A use-after-free vulnerability can occur in the compositor during certain graphics operations…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-09T14:26:00
Summary
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
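The fix Mozilla describes, a reference-counted pointer in place of a raw one, is the general remedy for this class of bug: a raw pointer does nothing to keep the object alive across a call that may release it. The C program below is an added example of that mistake and of the corrected form, not Firefox compositor code. It uses a small poisoned pool in place of the heap (an assumption for the example, in the style of a junk-filling debug allocator) so that the stale read visibly returns the 0xAA fill pattern instead of being undefined behaviour on a real free().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Debug pool standing in for the heap: freed slots are filled with 0xAA so a
 * use-after-free is observable rather than undefined. Illustration only. */
#define POOL_SLOTS 4
struct layer { uint32_t refcnt; uint32_t width; uint32_t height; };
static struct layer pool[POOL_SLOTS];
static int pool_used[POOL_SLOTS];

struct layer *layer_new(uint32_t w, uint32_t h)
{
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!pool_used[i]) {
            pool_used[i] = 1;
            pool[i].refcnt = 1;
            pool[i].width = w;
            pool[i].height = h;
            return &pool[i];
        }
    }
    return NULL;
}

void layer_ref(struct layer *l) { l->refcnt++; }

void layer_unref(struct layer *l)
{
    if (--l->refcnt == 0) {
        memset(l, 0xAA, sizeof *l);      /* junk-fill, as a debug heap would */
        pool_used[l - pool] = 0;
    }
}

/* Owner side: a scene holds the only reference to the current layer. Dropping
 * it models a layer-tree update that happens in the middle of compositing. */
struct scene { struct layer *current; };

void drop_current(struct scene *s)
{
    struct layer *l = s->current;
    s->current = NULL;
    layer_unref(l);                      /* last reference gone: slot poisoned */
}

/* Vulnerable: a raw pointer is held across a call that can release the object,
 * so the final read touches freed (here: poisoned) memory. */
uint32_t composite_raw(struct scene *s)
{
    struct layer *l = s->current;        /* raw pointer, no reference taken */
    drop_current(s);                     /* something in the operation releases it */
    return l->width * l->height;         /* use-after-free: reads 0xAAAAAAAA fields */
}

/* Hardened: take a strong reference for the duration of the operation. */
uint32_t composite_ref(struct scene *s)
{
    struct layer *l = s->current;
    layer_ref(l);                        /* keep it alive while we work on it */
    drop_current(s);                     /* owner lets go, but we still hold one */
    uint32_t area = l->width * l->height;
    layer_unref(l);                      /* ours was the last reference: freed now */
    return area;
}

int main(void)
{
    struct scene a = { layer_new(8, 4) };
    printf("raw pointer:  area = 0x%08X (poison, not 32)\n", composite_raw(&a));
    struct scene b = { layer_new(8, 4) };
    printf("ref counted:  area = %u\n", composite_ref(&b));
    return 0;
}
```

On a real allocator the raw-pointer variant is the crash or info leak the advisory calls a "potentially exploitable crash"; AddressSanitizer or a junk-filling allocator such as this pool turns it into a deterministic failure during testing, which is the cheapest way to catch this pattern before release.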
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5148 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-10/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1440717
- https://www.debian.org/security/2018/dsa-4153
- https://usn.ubuntu.com/3609-1/
- https://lists.debian.org/debian-lts-announce/2018/03/msg00023.html
- https://access.redhat.com/errata/RHSA-2018:1099
- https://access.redhat.com/errata/RHSA-2018:1098
- http://www.securitytracker.com/id/1040574
- http://www.securityfocus.com/bid/103506
CVE-2018-5157: Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-13T13:44:00
Summary
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error
CWE Description: The software does not properly verify that the source of data or communication is valid.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5157 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-12/
- https://www.mozilla.org/security/advisories/mfsa2018-11/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1449898
- https://www.debian.org/security/2018/dsa-4199
- https://usn.ubuntu.com/3645-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
- https://access.redhat.com/errata/RHSA-2018:1415
- https://access.redhat.com/errata/RHSA-2018:1414
- http://www.securitytracker.com/id/1040896
- http://www.securityfocus.com/bid/104136
- https://security.gentoo.org/glsa/201810-01
CVE-2018-5161: Crafted message headers can cause a Thunderbird process to hang on receiving the message. This…
Published: 2018-06-11T21:29:00 Last Modified: 2019-03-13T13:43:00
Summary
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-5161 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2018-13/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1411720
- https://www.debian.org/security/2018/dsa-4209
- https://usn.ubuntu.com/3660-1/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
- https://access.redhat.com/errata/RHSA-2018:1726
- https://access.redhat.com/errata/RHSA-2018:1725
- http://www.securitytracker.com/id/1040946
- https://security.gentoo.org/glsa/201811-13
CVE-2016-9897: Memory corruption resulting in a potentially exploitable crash during WebGL functions using a…
Published: 2018-06-11T21:29:00 Last Modified: 2018-08-01T13:46:00
Summary
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-9897 vulnerability.
References
- https://www.mozilla.org/security/advisories/mfsa2016-96/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1301381
- https://www.debian.org/security/2017/dsa-3757
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037461
- http://www.securityfocus.com/bid/94885
- http://rhn.redhat.com/errata/RHSA-2016-2946.html
CVE-2018-12020: mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and…
Published: 2018-06-08T21:29:00 Last Modified: 2021-12-28T23:15:00
Summary
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
Common Weakness Enumeration (CWE): CWE-706: Use of Incorrectly-Resolved Name or Reference
CWE Description: The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-12020 vulnerability.
References
- https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
- https://dev.gnupg.org/T4012
- http://openwall.com/lists/oss-security/2018/06/08/2
- https://www.debian.org/security/2018/dsa-4224
- https://www.debian.org/security/2018/dsa-4223
- https://www.debian.org/security/2018/dsa-4222
- http://www.securitytracker.com/id/1041051
- https://usn.ubuntu.com/3675-1/
- http://www.securityfocus.com/bid/104450
- https://usn.ubuntu.com/3675-2/
- https://usn.ubuntu.com/3675-3/
- https://access.redhat.com/errata/RHSA-2018:2181
- https://access.redhat.com/errata/RHSA-2018:2180
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- http://www.openwall.com/lists/oss-security/2019/04/30/4
- http://seclists.org/fulldisclosure/2019/Apr/38
- http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
- https://usn.ubuntu.com/3964-1/
- https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
- https://github.com/RUB-NDS/Johnny-You-Are-Fired
- https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html
CVE-2018-11235: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and…
Published: 2018-05-30T04:29:00 Last Modified: 2020-05-02T00:15:00
Summary
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-11235 vulnerability.
References
- https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
- https://www.debian.org/security/2018/dsa-4212
- https://marc.info/?l=git&m=152761328506724&w=2
- http://www.securitytracker.com/id/1040991
- http://www.securityfocus.com/bid/104345
- https://www.exploit-db.com/exploits/44822/
- https://usn.ubuntu.com/3671-1/
- https://access.redhat.com/errata/RHSA-2018:1957
- https://access.redhat.com/errata/RHSA-2018:2147
- https://security.gentoo.org/glsa/201805-13
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
CVE-2018-1000199: The Linux Kernel version 3.18 contains a dangerous feature vulnerability in…
Published: 2018-05-24T13:29:00 Last Modified: 2020-08-24T17:37:00
Summary
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in a crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-1000199 vulnerability.
References
- https://lkml.org/lkml/2018/4/6/813
- https://www.debian.org/security/2018/dsa-4188
- https://www.debian.org/security/2018/dsa-4187
- https://usn.ubuntu.com/3641-2/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://access.redhat.com/errata/RHSA-2018:1374
- https://access.redhat.com/errata/RHSA-2018:1355
- https://access.redhat.com/errata/RHSA-2018:1354
- https://access.redhat.com/errata/RHSA-2018:1348
- https://access.redhat.com/errata/RHSA-2018:1347
- https://access.redhat.com/errata/RHSA-2018:1345
- https://access.redhat.com/errata/RHSA-2018:1318
- http://www.securitytracker.com/id/1040806
- https://usn.ubuntu.com/3641-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
CVE-2018-1000301: curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read…
Published: 2018-05-24T13:29:00 Last Modified: 2019-10-03T00:03:00
Summary
curl versions 7.20.0 to and including 7.59.0 contain a CWE-126: Buffer Over-read vulnerability that can result in a denial of service: curl can be tricked into reading data beyond the end of a heap-based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl >= 7.60.0 (curl < 7.20.0 is not affected).
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1000301 vulnerability.
References
- https://curl.haxx.se/docs/adv_2018-b138.html
- https://www.debian.org/security/2018/dsa-4202
- https://usn.ubuntu.com/3648-1/
- https://usn.ubuntu.com/3598-2/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00010.html
- http://www.securitytracker.com/id/1040931
- http://www.securityfocus.com/bid/104225
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://security.gentoo.org/glsa/201806-05
- https://access.redhat.com/errata/RHSA-2018:3157
- https://access.redhat.com/errata/RHSA-2018:3558
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://access.redhat.com/errata/RHBA-2019:0327
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://access.redhat.com/errata/RHSA-2020:0544
- https://access.redhat.com/errata/RHSA-2020:0594
CVE-2018-1126: procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.*…
Published: 2018-05-23T13:29:00 Last Modified: 2019-07-30T13:15:00
Summary
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1126 vulnerability.
References
- https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126
- http://seclists.org/oss-sec/2018/q2/122
- https://www.debian.org/security/2018/dsa-4208
- https://usn.ubuntu.com/3658-1/
- https://access.redhat.com/errata/RHSA-2018:1700
- http://www.securityfocus.com/bid/104214
- https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:1777
- https://usn.ubuntu.com/3658-2/
- https://access.redhat.com/errata/RHSA-2018:1820
- http://www.securitytracker.com/id/1041057
- https://access.redhat.com/errata/RHSA-2018:2268
- https://access.redhat.com/errata/RHSA-2018:2267
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://access.redhat.com/errata/RHSA-2019:1944
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
CVE-2018-1124: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap…
Published: 2018-05-23T13:29:00 Last Modified: 2020-09-09T14:58:00
Summary
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-1124 vulnerability.
References
- https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124
- http://seclists.org/oss-sec/2018/q2/122
- https://www.debian.org/security/2018/dsa-4208
- https://usn.ubuntu.com/3658-1/
- https://access.redhat.com/errata/RHSA-2018:1700
- http://www.securityfocus.com/bid/104214
- https://www.exploit-db.com/exploits/44806/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html
- https://access.redhat.com/errata/RHSA-2018:1777
- https://usn.ubuntu.com/3658-2/
- https://access.redhat.com/errata/RHSA-2018:1820
- https://kc.mcafee.com/corporate/index?page=content&id=SB10241
- http://www.securitytracker.com/id/1041057
- https://access.redhat.com/errata/RHSA-2018:2268
- https://access.redhat.com/errata/RHSA-2018:2267
- https://security.gentoo.org/glsa/201805-14
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://access.redhat.com/errata/RHSA-2019:1944
- https://access.redhat.com/errata/RHSA-2019:2401
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory…
Published: 2018-05-22T12:29:00 Last Modified: 2021-08-13T15:26:00
Summary
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy
CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-3639 vulnerability.
References
- https://www.us-cert.gov/ncas/alerts/TA18-141A
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- https://www.synology.com/support/security/Synology_SA_18_23
- https://www.kb.cert.org/vuls/id/180049
- https://usn.ubuntu.com/3655-2/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3653-2/
- https://usn.ubuntu.com/3653-1/
- https://usn.ubuntu.com/3652-1/
- https://usn.ubuntu.com/3651-1/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
- https://support.citrix.com/article/CTX235225
- https://security.netapp.com/advisory/ntap-20180521-0001/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
- https://access.redhat.com/errata/RHSA-2018:1660
- https://access.redhat.com/errata/RHSA-2018:1655
- https://access.redhat.com/errata/RHSA-2018:1647
- https://access.redhat.com/errata/RHSA-2018:1630
- http://xenbits.xen.org/xsa/advisory-263.html
- http://www.securitytracker.com/id/1040949
- http://support.lenovo.com/us/en/solutions/LEN-22133
- https://access.redhat.com/errata/RHSA-2018:1690
- https://access.redhat.com/errata/RHSA-2018:1689
- https://access.redhat.com/errata/RHSA-2018:1688
- https://access.redhat.com/errata/RHSA-2018:1686
- https://access.redhat.com/errata/RHSA-2018:1676
- https://access.redhat.com/errata/RHSA-2018:1675
- https://access.redhat.com/errata/RHSA-2018:1674
- https://access.redhat.com/errata/RHSA-2018:1669
- https://access.redhat.com/errata/RHSA-2018:1668
- https://access.redhat.com/errata/RHSA-2018:1667
- https://access.redhat.com/errata/RHSA-2018:1666
- https://access.redhat.com/errata/RHSA-2018:1665
- https://access.redhat.com/errata/RHSA-2018:1664
- https://access.redhat.com/errata/RHSA-2018:1663
- https://access.redhat.com/errata/RHSA-2018:1662
- https://access.redhat.com/errata/RHSA-2018:1661
- https://access.redhat.com/errata/RHSA-2018:1659
- https://access.redhat.com/errata/RHSA-2018:1658
- https://access.redhat.com/errata/RHSA-2018:1657
- https://access.redhat.com/errata/RHSA-2018:1656
- https://access.redhat.com/errata/RHSA-2018:1654
- https://access.redhat.com/errata/RHSA-2018:1653
- https://access.redhat.com/errata/RHSA-2018:1652
- https://access.redhat.com/errata/RHSA-2018:1651
- https://access.redhat.com/errata/RHSA-2018:1650
- https://access.redhat.com/errata/RHSA-2018:1649
- https://access.redhat.com/errata/RHSA-2018:1648
- https://access.redhat.com/errata/RHSA-2018:1646
- https://access.redhat.com/errata/RHSA-2018:1645
- https://access.redhat.com/errata/RHSA-2018:1644
- https://access.redhat.com/errata/RHSA-2018:1643
- https://access.redhat.com/errata/RHSA-2018:1642
- https://access.redhat.com/errata/RHSA-2018:1636
- https://access.redhat.com/errata/RHSA-2018:1635
- https://access.redhat.com/errata/RHSA-2018:1633
- https://access.redhat.com/errata/RHSA-2018:1632
- https://access.redhat.com/errata/RHSA-2018:1629
- http://www.securityfocus.com/bid/104232
- https://www.exploit-db.com/exploits/44695/
- https://access.redhat.com/errata/RHSA-2018:1711
- https://access.redhat.com/errata/RHSA-2018:1710
- https://access.redhat.com/errata/RHSA-2018:1696
- https://www.debian.org/security/2018/dsa-4210
- https://usn.ubuntu.com/3655-1/
- https://access.redhat.com/errata/RHSA-2018:1738
- https://access.redhat.com/errata/RHSA-2018:1737
- https://access.redhat.com/errata/RHSA-2018:1641
- https://access.redhat.com/errata/RHSA-2018:1640
- https://access.redhat.com/errata/RHSA-2018:1639
- https://access.redhat.com/errata/RHSA-2018:1638
- https://access.redhat.com/errata/RHSA-2018:1637
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
- https://usn.ubuntu.com/3680-1/
- https://usn.ubuntu.com/3679-1/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
- https://access.redhat.com/errata/RHSA-2018:1826
- https://access.redhat.com/errata/RHSA-2018:1854
- https://access.redhat.com/errata/RHSA-2018:2006
- https://access.redhat.com/errata/RHSA-2018:2003
- https://access.redhat.com/errata/RHSA-2018:2001
- https://access.redhat.com/errata/RHSA-2018:1997
- https://access.redhat.com/errata/RHSA-2018:1967
- https://access.redhat.com/errata/RHSA-2018:1965
- https://access.redhat.com/errata/RHSA-2018:2060
- https://access.redhat.com/errata/RHSA-2018:2164
- https://access.redhat.com/errata/RHSA-2018:2162
- https://access.redhat.com/errata/RHSA-2018:2161
- https://access.redhat.com/errata/RHSA-2018:2172
- https://access.redhat.com/errata/RHSA-2018:2171
- https://access.redhat.com/errata/RHSA-2018:2216
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://access.redhat.com/errata/RHSA-2018:2228
- https://access.redhat.com/errata/RHSA-2018:2250
- https://access.redhat.com/errata/RHSA-2018:2246
- https://access.redhat.com/errata/RHSA-2018:2258
- https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html
- https://access.redhat.com/errata/RHSA-2018:2289
- https://access.redhat.com/errata/RHSA-2018:2328
- https://access.redhat.com/errata/RHSA-2018:2309
- https://access.redhat.com/errata/RHSA-2018:2364
- https://access.redhat.com/errata/RHSA-2018:2363
- https://access.redhat.com/errata/RHSA-2018:2396
- https://access.redhat.com/errata/RHSA-2018:2394
- https://access.redhat.com/errata/RHSA-2018:2387
- https://www.debian.org/security/2018/dsa-4273
- https://usn.ubuntu.com/3756-1/
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
- https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004
- https://usn.ubuntu.com/3777-3/
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
- https://access.redhat.com/errata/RHSA-2018:3425
- https://access.redhat.com/errata/RHSA-2018:3424
- https://access.redhat.com/errata/RHSA-2018:3423
- https://access.redhat.com/errata/RHSA-2018:3407
- https://access.redhat.com/errata/RHSA-2018:3402
- https://access.redhat.com/errata/RHSA-2018:3401
- https://access.redhat.com/errata/RHSA-2018:3400
- https://access.redhat.com/errata/RHSA-2018:3399
- https://access.redhat.com/errata/RHSA-2018:3398
- https://access.redhat.com/errata/RHSA-2018:3397
- https://access.redhat.com/errata/RHSA-2018:3396
- https://access.redhat.com/errata/RHSA-2018:2948
- http://www.securitytracker.com/id/1042004
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://access.redhat.com/errata/RHSA-2019:0148
- https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://nvidia.custhelp.com/app/answers/detail/a_id/4787
- https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html
- https://access.redhat.com/errata/RHSA-2019:1046
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html
- https://seclists.org/bugtraq/2019/Jun/36
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- http://www.openwall.com/lists/oss-security/2020/06/10/1
- http://www.openwall.com/lists/oss-security/2020/06/10/2
- http://www.openwall.com/lists/oss-security/2020/06/10/5
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
CVE-2018-4944: Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion…
Published: 2018-05-19T17:29:00 Last Modified: 2021-09-08T17:21:00
Summary
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast
CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-4944 vulnerability.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-16.html
- https://access.redhat.com/errata/RHSA-2018:1367
- http://www.securitytracker.com/id/1040840
- http://www.securityfocus.com/bid/104101
- https://security.gentoo.org/glsa/201806-02
CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or…
Published: 2018-05-18T16:29:00 Last Modified: 2020-08-24T17:37:00
Summary
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-11237 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=23196
- http://www.securityfocus.com/bid/104256
- https://www.exploit-db.com/exploits/44750/
- https://access.redhat.com/errata/RHSA-2018:3092
- https://security.netapp.com/advisory/ntap-20190401-0001/
- https://security.netapp.com/advisory/ntap-20190329-0001/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://access.redhat.com/errata/RHBA-2019:0327
- https://usn.ubuntu.com/4416-1/
CVE-2018-11236: stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing…
Published: 2018-05-18T16:29:00 Last Modified: 2020-08-24T17:37:00
Summary
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-11236 vulnerability.
References
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2
- https://sourceware.org/bugzilla/show_bug.cgi?id=22786
- http://www.securityfocus.com/bid/104255
- https://access.redhat.com/errata/RHSA-2018:3092
- https://security.netapp.com/advisory/ntap-20190401-0001/
- https://security.netapp.com/advisory/ntap-20190329-0001/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://access.redhat.com/errata/RHBA-2019:0327
- https://usn.ubuntu.com/4416-1/
CVE-2018-1111: DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a…
Published: 2018-05-17T16:29:00 Last Modified: 2019-10-03T00:03:00
Summary
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Scores
- Impact Score: 10.0
- Exploitability Score: 5.5
- CVSS: 7.9
- CVSS Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: ADJACENT_NETWORK
Exploits Database (Total Exploits Count: 2)
Code designed for conducting penetration testing on CVE-2018-1111 vulnerability.
- DHCP Client - Command Injection 'DynoRoot' (Metasploit) by Metasploit at 2018-06-13
- DynoRoot DHCP Client - Command Injection by Kevin Kirsche at 2018-05-18
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111
- https://access.redhat.com/security/vulnerabilities/3442151
- https://access.redhat.com/errata/RHSA-2018:1524
- https://access.redhat.com/errata/RHSA-2018:1461
- https://access.redhat.com/errata/RHSA-2018:1460
- https://access.redhat.com/errata/RHSA-2018:1459
- https://access.redhat.com/errata/RHSA-2018:1458
- https://access.redhat.com/errata/RHSA-2018:1457
- https://access.redhat.com/errata/RHSA-2018:1456
- https://access.redhat.com/errata/RHSA-2018:1455
- https://access.redhat.com/errata/RHSA-2018:1454
- https://access.redhat.com/errata/RHSA-2018:1453
- http://www.securitytracker.com/id/1040912
- https://www.exploit-db.com/exploits/44652/
- http://www.securityfocus.com/bid/104195
- https://www.exploit-db.com/exploits/44890/
- https://www.tenable.com/security/tns-2018-10
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
CVE-2018-11212: An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows…
Published: 2018-05-16T17:29:00 Last Modified: 2021-01-07T20:15:00
Summary
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-11212 vulnerability.
References
- https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a
- https://usn.ubuntu.com/3706-1/
- https://usn.ubuntu.com/3706-2/
- http://www.securityfocus.com/bid/106583
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://security.netapp.com/advisory/ntap-20190118-0001/
- https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html
- https://access.redhat.com/errata/RHSA-2019:0469
- https://access.redhat.com/errata/RHSA-2019:0474
- https://access.redhat.com/errata/RHSA-2019:0473
- https://access.redhat.com/errata/RHSA-2019:0472
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html
- https://access.redhat.com/errata/RHSA-2019:0640
- https://access.redhat.com/errata/RHSA-2019:1238
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html
- https://access.redhat.com/errata/RHSA-2019:2052
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us
- http://www.ijg.org/
- https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git
CVE-2018-1087: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and…
Published: 2018-05-15T16:29:00 Last Modified: 2019-10-09T23:38:00
Summary
The Linux kernel's KVM hypervisor before kernel versions 4.16, 4.16-rc7, 4.17-rc1, 4.17-rc2 and 4.17-rc3 is vulnerable to a flaw in the way it handled exceptions delivered after a stack switch operation via the MOV SS or POP SS instructions. During the stack switch operation the processor does not deliver interrupts and exceptions; they are delivered once the first instruction after the stack switch has executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-1087 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087
- https://access.redhat.com/security/vulnerabilities/pop_ss
- http://www.openwall.com/lists/oss-security/2018/05/08/5
- https://www.debian.org/security/2018/dsa-4196
- https://usn.ubuntu.com/3641-2/
- https://access.redhat.com/errata/RHSA-2018:1524
- https://access.redhat.com/errata/RHSA-2018:1355
- https://access.redhat.com/errata/RHSA-2018:1348
- https://access.redhat.com/errata/RHSA-2018:1347
- https://access.redhat.com/errata/RHSA-2018:1345
- https://access.redhat.com/errata/RHSA-2018:1318
- http://www.securitytracker.com/id/1040862
- http://www.securityfocus.com/bid/104127
- https://usn.ubuntu.com/3641-1/
CVE-2018-1118: Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed…
Published: 2018-05-10T22:29:00 Last Modified: 2019-10-09T23:38:00
Summary
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-1118 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://usn.ubuntu.com/3762-2/
- https://usn.ubuntu.com/3762-1/
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
CVE-2017-18267: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote…
Published: 2018-05-10T15:29:00 Last Modified: 2020-07-23T12:15:00
Summary
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-18267 vulnerability.
References
- https://bugzilla.freedesktop.org/show_bug.cgi?id=103238
- https://usn.ubuntu.com/3647-1/
- https://access.redhat.com/errata/RHSA-2018:3140
- https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2019:0327
- https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
CVE-2018-1130: Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in…
Published: 2018-05-10T13:29:00 Last Modified: 2019-10-09T23:38:00
Summary
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in the dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service via a number of certain crafted system calls.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-1130 vulnerability.
References
- https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130
- https://marc.info/?l=linux-netdev&m=152036596825220&w=2
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3656-1/
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://access.redhat.com/errata/RHSA-2018:1854
- https://usn.ubuntu.com/3698-2/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3698-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
CVE-2018-1089: 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search…
Published: 2018-05-09T15:29:00 Last Modified: 2019-10-09T23:38:00
Summary
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-1089 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089
- https://access.redhat.com/errata/RHSA-2018:1364
- http://www.securityfocus.com/bid/104137
- https://access.redhat.com/errata/RHSA-2018:1380
- https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
CVE-2018-10184: An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against…
Published: 2018-05-09T07:29:00 Last Modified: 2018-06-18T17:18:00
Summary
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10184 vulnerability.
References
- http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28
- http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588
- https://access.redhat.com/errata/RHSA-2018:1372
CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software…
Published: 2018-05-08T18:29:00 Last Modified: 2019-10-03T00:03:00
Summary
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer’s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 2)
Code designed for conducting penetration testing on CVE-2018-8897 vulnerability.
- Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit) by Metasploit at 2018-07-13
- Microsoft Windows - 'POP/MOV SS' Privilege Escalation by Can Bölük at 2018-05-22
References
- https://xenbits.xen.org/xsa/advisory-260.html
- https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc
- https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
- https://bugzilla.redhat.com/show_bug.cgi?id=1567074
- http://openwall.com/lists/oss-security/2018/05/08/1
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
- https://svnweb.freebsd.org/base?view=revision&revision=333368
- https://support.apple.com/HT208742
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897
- http://openwall.com/lists/oss-security/2018/05/08/4
- https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
- https://www.synology.com/support/security/Synology_SA_18_21
- https://usn.ubuntu.com/3641-2/
- https://support.citrix.com/article/CTX234679
- https://patchwork.kernel.org/patch/10386677/
- https://access.redhat.com/errata/RHSA-2018:1355
- https://access.redhat.com/errata/RHSA-2018:1354
- https://access.redhat.com/errata/RHSA-2018:1353
- https://access.redhat.com/errata/RHSA-2018:1352
- https://access.redhat.com/errata/RHSA-2018:1351
- https://access.redhat.com/errata/RHSA-2018:1350
- https://access.redhat.com/errata/RHSA-2018:1349
- https://access.redhat.com/errata/RHSA-2018:1348
- https://access.redhat.com/errata/RHSA-2018:1347
- https://access.redhat.com/errata/RHSA-2018:1346
- https://access.redhat.com/errata/RHSA-2018:1345
- https://access.redhat.com/errata/RHSA-2018:1319
- https://access.redhat.com/errata/RHSA-2018:1318
- http://www.securitytracker.com/id/1040849
- http://www.securityfocus.com/bid/104071
- https://www.debian.org/security/2018/dsa-4196
- http://www.securitytracker.com/id/1040882
- http://www.securitytracker.com/id/1040866
- http://www.securitytracker.com/id/1040861
- http://www.securitytracker.com/id/1040744
- https://access.redhat.com/errata/RHSA-2018:1524
- https://www.debian.org/security/2018/dsa-4201
- https://github.com/can1357/CVE-2018-8897/
- https://www.exploit-db.com/exploits/44697/
- https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html
- https://usn.ubuntu.com/3641-1/
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://www.exploit-db.com/exploits/45024/
- https://security.netapp.com/advisory/ntap-20180927-0002/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://www.kb.cert.org/vuls/id/631579
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en
CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an…
Published: 2018-05-06T23:29:00 Last Modified: 2019-04-25T18:38:00
Summary
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10768 vulnerability.
References
- https://bugs.freedesktop.org/show_bug.cgi?id=106408
- https://usn.ubuntu.com/3647-1/
- https://access.redhat.com/errata/RHSA-2018:3140
- https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-10767: There is a stack-based buffer over-read in calling GLib in the function…
Published: 2018-05-06T23:29:00 Last Modified: 2019-10-03T00:03:00
Summary
There is a stack-based buffer over-read in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0, which calls into GLib but does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10767 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1575188
- https://access.redhat.com/errata/RHSA-2018:3140
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-0494: GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in…
Published: 2018-05-06T22:29:00 Last Modified: 2019-03-15T01:22:00
Summary
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-0494 vulnerability.
References
- https://savannah.gnu.org/bugs/?53763
- https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
- https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
- https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
- http://www.securitytracker.com/id/1040838
- https://www.exploit-db.com/exploits/44601/
- https://www.debian.org/security/2018/dsa-4195
- https://usn.ubuntu.com/3643-2/
- https://usn.ubuntu.com/3643-1/
- http://www.securityfocus.com/bid/104129
- https://lists.debian.org/debian-lts-announce/2018/05/msg00006.html
- https://security.gentoo.org/glsa/201806-01
- https://access.redhat.com/errata/RHSA-2018:3052
CVE-2018-10733: There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in…
Published: 2018-05-04T17:29:00 Last Modified: 2019-10-03T00:03:00
Summary
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10733 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1574844
- https://access.redhat.com/errata/RHSA-2018:3140
- https://access.redhat.com/errata/RHSA-2018:3505
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00005.html
- https://access.redhat.com/errata/RHBA-2019:0327
CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local…
Published: 2018-05-02T18:29:00 Last Modified: 2020-07-15T03:15:00
Summary
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10675 vulnerability.
References
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9
- https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99
- http://www.securityfocus.com/bid/104093
- https://access.redhat.com/errata/RHSA-2018:2164
- https://access.redhat.com/errata/RHSA-2018:2395
- https://access.redhat.com/errata/RHSA-2018:2384
- https://usn.ubuntu.com/3754-1/
- https://access.redhat.com/errata/RHSA-2018:2791
- https://access.redhat.com/errata/RHSA-2018:2785
- https://access.redhat.com/errata/RHSA-2018:2933
- https://access.redhat.com/errata/RHSA-2018:2925
- https://access.redhat.com/errata/RHSA-2018:2924
- https://access.redhat.com/errata/RHSA-2018:3590
- https://access.redhat.com/errata/RHSA-2018:3586
- https://access.redhat.com/errata/RHSA-2018:3540
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2018-10583: An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice…
Published: 2018-05-01T16:29:00 Last Modified: 2020-10-21T13:15:00
Summary
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on CVE-2018-10583 vulnerability.
References
- http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
- https://security-tracker.debian.org/tracker/CVE-2018-10583
- https://www.exploit-db.com/exploits/44564/
- https://access.redhat.com/errata/RHSA-2018:3054
- https://usn.ubuntu.com/3883-1/
- https://lists.apache.org/thread.html/6c65f22306c36c95e75f8d2b7f49cfcbeb0a4614245c20934612a39d@%3Cdev.openoffice.apache.org%3E
- https://lists.apache.org/thread.html/0598708912978b27121b2e380b44a225c706aca882cd1da6a955a0af@%3Cdev.openoffice.apache.org%3E
- https://lists.apache.org/thread.html/c8fd59ac77b42aac90eb5c59b87f3ab59b5e0c3bfb4819aa649a2909@%3Cdev.openoffice.apache.org%3E
- http://seclists.org/fulldisclosure/2020/Oct/26
CVE-2017-2591: 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the…
Published: 2018-04-30T12:29:00 Last Modified: 2019-10-09T23:26:00
Summary
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the “attribute uniqueness” plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-2591 vulnerability.
References
- https://pagure.io/389-ds-base/issue/48986
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591
- http://www.securityfocus.com/bid/95670
CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor…
Published: 2018-04-29T15:29:00 Last Modified: 2019-08-03T13:15:00
Summary
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10534 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=23110
- http://www.securityfocus.com/bid/104025
- https://access.redhat.com/errata/RHSA-2018:3032
- https://access.redhat.com/errata/RHBA-2019:0327
- https://security.gentoo.org/glsa/201908-01
- https://usn.ubuntu.com/4336-1/
CVE-2018-10535: The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka…
Published: 2018-04-29T15:29:00 Last Modified: 2019-08-03T13:15:00
Summary
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a “SECTION” type that has a “0” value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10535 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=23113
- http://www.securityfocus.com/bid/104021
- https://access.redhat.com/errata/RHSA-2018:3032
- https://access.redhat.com/errata/RHBA-2019:0327
- https://security.gentoo.org/glsa/201908-01
- https://usn.ubuntu.com/4336-1/
CVE-2018-10393: bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
Published: 2018-04-26T05:29:00 Last Modified: 2021-11-30T21:59:00
Summary
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10393 vulnerability.
References
- https://gitlab.xiph.org/xiph/vorbis/issues/2334
- https://access.redhat.com/errata/RHSA-2019:3703
- https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html
- https://security.gentoo.org/glsa/202003-36
- https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html
CVE-2018-10392: mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of…
Published: 2018-04-26T05:29:00 Last Modified: 2021-11-30T22:13:00
Summary
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10392 vulnerability.
References
- https://gitlab.xiph.org/xiph/vorbis/issues/2335
- https://access.redhat.com/errata/RHSA-2019:3703
- https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html
- https://security.gentoo.org/glsa/202003-36
- https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html
CVE-2018-10373: concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as…
Published: 2018-04-25T09:29:00 Last Modified: 2019-08-03T13:15:00
Summary
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10373 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=23065
- http://www.securityfocus.com/bid/104000
- https://access.redhat.com/errata/RHSA-2018:3032
- https://access.redhat.com/errata/RHBA-2019:0327
- https://security.gentoo.org/glsa/201908-01
- https://usn.ubuntu.com/4336-1/
CVE-2018-10372: process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of…
Published: 2018-04-25T09:29:00 Last Modified: 2019-08-03T13:15:00
Summary
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-10372 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=23064
- http://www.securityfocus.com/bid/103976
- https://access.redhat.com/errata/RHSA-2018:3032
- https://access.redhat.com/errata/RHBA-2019:0327
- https://security.gentoo.org/glsa/201908-01
- https://usn.ubuntu.com/4336-1/
CVE-2017-2885: An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A…
Published: 2018-04-24T19:29:00 Last Modified: 2020-12-07T17:15:00
Summary
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-2885 vulnerability.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392
- https://www.debian.org/security/2017/dsa-3929
- https://access.redhat.com/errata/RHSA-2017:2459
- http://www.securityfocus.com/bid/100258
- http://seclists.org/fulldisclosure/2020/Dec/3
- http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html
CVE-2018-1059: The DPDK vhost-user interface does not check to verify that all the requested guest physical…
Published: 2018-04-24T18:29:00 Last Modified: 2021-08-04T17:15:00
Summary
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 5.5
- CVSS: 2.9
- CVSS Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2018-1059 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1544298
- https://access.redhat.com/security/cve/cve-2018-1059
- https://access.redhat.com/errata/RHSA-2018:1267
- https://usn.ubuntu.com/3642-1/
- https://usn.ubuntu.com/3642-2/
- https://access.redhat.com/errata/RHSA-2018:2038
- https://access.redhat.com/errata/RHSA-2018:2102
- https://access.redhat.com/errata/RHSA-2018:2524
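The translation check the advisory says was missing, as an added example in C that is not DPDK's code: a guest memory region table, the naive lookup that validates only the first byte of a request, and a range-aware version that clamps each translation to the bytes contiguous in one region and refuses any request that is not fully mapped. The names (`mem_region_t`, `gpa_to_hva_unchecked`, `gpa_to_hva_chunk`, `guest_range_mapped`, `copy_from_guest`) and the two-region sample layout are assumptions introduced for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* One guest memory region as the backend learns it from the frontend:
 * start and length in guest-physical space, and where the backend has
 * that region mapped in its own (host virtual) address space. */
typedef struct {
    uint64_t gpa_start;
    uint64_t size;
    uint64_t hva_start;
} mem_region_t;

/* Vulnerable pattern: only the first byte of the request is checked.
 * A descriptor that starts inside a region but runs past its end still
 * gets a valid-looking pointer; copying the full length through it then
 * reads or writes the backend's own memory beyond the mapping. */
uint64_t gpa_to_hva_unchecked(const mem_region_t *regs, size_t n, uint64_t gpa)
{
    for (size_t i = 0; i < n; i++)
        if (gpa >= regs[i].gpa_start && gpa - regs[i].gpa_start < regs[i].size)
            return regs[i].hva_start + (gpa - regs[i].gpa_start);
    return 0;
}

/* Hardened pattern, step 1: translate gpa and clamp *len to the bytes
 * that are contiguous in the same region, so the caller knows how much
 * of its request this pointer covers. Returns 0 if gpa is unmapped. */
uint64_t gpa_to_hva_chunk(const mem_region_t *regs, size_t n,
                          uint64_t gpa, uint64_t *len)
{
    for (size_t i = 0; i < n; i++) {
        const mem_region_t *r = &regs[i];
        if (gpa < r->gpa_start || gpa - r->gpa_start >= r->size)
            continue;
        uint64_t avail = r->size - (gpa - r->gpa_start);
        if (*len > avail)
            *len = avail;
        return r->hva_start + (gpa - r->gpa_start);
    }
    return 0;
}

/* Step 2: walk [gpa, gpa+len) chunk by chunk and fail if any part is
 * unmapped or the range wraps. Regions adjacent in guest-physical space
 * need not be adjacent on the host, so every chunk is translated anew. */
bool guest_range_mapped(const mem_region_t *regs, size_t n,
                        uint64_t gpa, uint64_t len)
{
    if (len == 0 || gpa + len < gpa)
        return false;
    while (len > 0) {
        uint64_t chunk = len;
        if (gpa_to_hva_chunk(regs, n, gpa, &chunk) == 0)
            return false;
        gpa += chunk;
        len -= chunk;
    }
    return true;
}

/* Step 3: touch guest memory only after the whole range has validated,
 * then copy one contiguous chunk at a time. */
bool copy_from_guest(const mem_region_t *regs, size_t n,
                     uint64_t gpa, uint64_t len, uint8_t *dst)
{
    if (!guest_range_mapped(regs, n, gpa, len))
        return false;
    while (len > 0) {
        uint64_t chunk = len;
        uint64_t hva = gpa_to_hva_chunk(regs, n, gpa, &chunk);
        memcpy(dst, (const void *)(uintptr_t) hva, (size_t) chunk);
        dst += chunk; gpa += chunk; len -= chunk;
    }
    return true;
}

/* Constructed sample layout (not a real guest): two 256-byte regions,
 * adjacent in guest-physical space but backed by separate host buffers,
 * with nothing mapped at 0x1200 and above. */
static uint8_t host_buf_a[256];
static uint8_t host_buf_b[256];
static uint8_t sample_dst[32];
static mem_region_t sample_regions[2];

size_t sample_region_count(void)
{
    memset(host_buf_a, 0xAA, sizeof host_buf_a);
    memset(host_buf_b, 0xBB, sizeof host_buf_b);
    sample_regions[0] = (mem_region_t){ 0x1000, 256, (uint64_t)(uintptr_t) host_buf_a };
    sample_regions[1] = (mem_region_t){ 0x1100, 256, (uint64_t)(uintptr_t) host_buf_b };
    return 2;
}

int main(void)
{
    size_t n = sample_region_count();
    printf("unchecked: 0x10F0 -> %#llx, yet only 16 of the next 32 bytes are in that region\n",
           (unsigned long long) gpa_to_hva_unchecked(sample_regions, n, 0x10F0));
    printf("checked copy of 32 bytes at 0x10F0: %s\n",
           copy_from_guest(sample_regions, n, 0x10F0, 32, sample_dst) ? "ok" : "rejected");
    printf("checked copy of 32 bytes at 0x11F0: %s\n",
           copy_from_guest(sample_regions, n, 0x11F0, 32, sample_dst) ? "ok" : "rejected");
    return 0;
}
```

The validate-then-copy split matters: a backend that copies while walking would already have touched host memory by the time it discovers the tail of the range is unmapped, and a request crossing from the first region into the second is legal in guest-physical terms but needs two separate host pointers.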
CVE-2018-10322: The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through…
Published: 2018-04-24T06:29:00 Last Modified: 2020-10-16T01:15:00
Summary
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-10322 vulnerability.
References
- https://www.spinics.net/lists/linux-xfs/msg17215.html
- https://bugzilla.kernel.org/show_bug.cgi?id=199377
- http://www.securityfocus.com/bid/103960
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
- https://usn.ubuntu.com/4578-1/
- https://usn.ubuntu.com/4579-1/
CVE-2018-1106: An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users…
Published: 2018-04-23T20:29:00 Last Modified: 2019-10-09T23:38:00
Summary
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
Common Weakness Enumeration (CWE): CWE-287: Improper Authentication
CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-1106 vulnerability.
References
- http://www.openwall.com/lists/oss-security/2018/04/23/3
- https://usn.ubuntu.com/3634-1/
- https://access.redhat.com/errata/RHSA-2018:1224
- https://www.debian.org/security/2018/dsa-4207
- https://bugzilla.redhat.com/show_bug.cgi?id=1565992
CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up…
Published: 2018-04-23T19:29:00 Last Modified: 2019-02-28T01:03:00
Summary
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-8781 vulnerability.
References
- https://patchwork.freedesktop.org/patch/211845/
- https://www.debian.org/security/2018/dsa-4188
- https://www.debian.org/security/2018/dsa-4187
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3656-1/
- https://usn.ubuntu.com/3677-2/
- https://usn.ubuntu.com/3677-1/
- https://usn.ubuntu.com/3674-2/
- https://usn.ubuntu.com/3674-1/
- https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:2948
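The page gives the mechanism only as an integer overflow in `udl_fb_mmap`. The example below, added here and not taken from the kernel, shows the standard shape of that bug class in a framebuffer mmap handler: a bounds check written as `offset + size > len`, which a caller-controlled offset can wrap, beside the overflow-safe form. `fb_fix_t`, the function names, the sample framebuffer address and the crafted request are assumptions introduced for the illustration; `unsigned long` is used because that is the type such kernel checks operate on.

```c
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SIZE 4096UL

/* The two framebuffer fields an mmap check consults: where the buffer
 * starts in the kernel's address space and how long it is. */
typedef struct {
    unsigned long smem_start;
    unsigned long smem_len;
} fb_fix_t;

/* Vulnerable pattern: validates offset + size as a single sum. Both
 * operands are caller-controlled (the mmap offset and the requested
 * length), so a huge offset makes the sum wrap to a small value that
 * passes, while smem_start + offset then points at pages outside the
 * framebuffer: the wraparound (CWE-190) turns into an out-of-range
 * page mapping. */
int fb_mmap_check_unsafe(const fb_fix_t *fix, unsigned long offset, unsigned long size)
{
    if (offset + size > fix->smem_len)
        return -1;
    return 0;
}

/* Fixed pattern: compare the operands against the length separately,
 * subtracting only after the first comparison rules out underflow. */
int fb_mmap_check_safe(const fb_fix_t *fix, unsigned long offset, unsigned long size)
{
    if (offset > fix->smem_len || size > fix->smem_len - offset)
        return -1;
    return 0;
}

/* The address the page-remapping loop would start from; with a wrapped
 * offset this lands below smem_start, i.e. outside the framebuffer. */
unsigned long fb_mmap_first_page(const fb_fix_t *fix, unsigned long offset)
{
    return fix->smem_start + offset;
}

/* Constructed sample framebuffer (the address is made up): 16 pages. */
static const fb_fix_t sample_fix = { 0x10000000UL, 16 * PAGE_SIZE };

/* Crafted request: an offset of minus two pages (as an unsigned value)
 * with a three-page length, so offset + size wraps to exactly one page. */
static const unsigned long crafted_offset = 0UL - 2 * PAGE_SIZE;
static const unsigned long crafted_size   = 3 * PAGE_SIZE;

int main(void)
{
    printf("unsafe check on crafted request: %s\n",
           fb_mmap_check_unsafe(&sample_fix, crafted_offset, crafted_size) == 0
               ? "accepted" : "rejected");
    printf("safe check on crafted request:   %s\n",
           fb_mmap_check_safe(&sample_fix, crafted_offset, crafted_size) == 0
               ? "accepted" : "rejected");
    printf("first page the loop would map: %#lx (framebuffer starts at %#lx)\n",
           fb_mmap_first_page(&sample_fix, crafted_offset), sample_fix.smem_start);
    return 0;
}
```

The safe form is the one to reach for whenever two attacker-influenced unsigned quantities are added before a comparison: check each against the limit on its own, and never let the subtraction run before the comparison that makes it well-defined.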
CVE-2017-17833: OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue…
Published: 2018-04-23T18:29:00 Last Modified: 2020-05-15T00:15:00
Summary
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-17833 vulnerability.
References
- https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
- http://support.lenovo.com/us/en/solutions/LEN-18247
- https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html
- https://usn.ubuntu.com/3708-1/
- https://access.redhat.com/errata/RHSA-2018:2240
- https://access.redhat.com/errata/RHSA-2018:2308
- https://security.gentoo.org/glsa/202005-12
CVE-2018-2795: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2795 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103847
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1191
- https://access.redhat.com/errata/RHSA-2018:1188
- https://access.redhat.com/errata/RHSA-2018:1206
- https://access.redhat.com/errata/RHSA-2018:1205
- https://access.redhat.com/errata/RHSA-2018:1204
- https://access.redhat.com/errata/RHSA-2018:1203
- https://access.redhat.com/errata/RHSA-2018:1202
- https://access.redhat.com/errata/RHSA-2018:1201
- https://www.debian.org/security/2018/dsa-4185
- https://access.redhat.com/errata/RHSA-2018:1270
- https://access.redhat.com/errata/RHSA-2018:1278
- https://usn.ubuntu.com/3644-1/
- https://access.redhat.com/errata/RHSA-2018:1724
- https://access.redhat.com/errata/RHSA-2018:1723
- https://access.redhat.com/errata/RHSA-2018:1722
- https://access.redhat.com/errata/RHSA-2018:1721
- https://www.debian.org/security/2018/dsa-4225
- https://usn.ubuntu.com/3691-1/
- https://access.redhat.com/errata/RHSA-2018:1975
- https://access.redhat.com/errata/RHSA-2018:1974
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://security.gentoo.org/glsa/201903-14
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
CVE-2018-2798: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2798 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103841
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1191
- https://access.redhat.com/errata/RHSA-2018:1188
- https://access.redhat.com/errata/RHSA-2018:1206
- https://access.redhat.com/errata/RHSA-2018:1205
- https://access.redhat.com/errata/RHSA-2018:1204
- https://access.redhat.com/errata/RHSA-2018:1203
- https://access.redhat.com/errata/RHSA-2018:1202
- https://access.redhat.com/errata/RHSA-2018:1201
- https://www.debian.org/security/2018/dsa-4185
- https://access.redhat.com/errata/RHSA-2018:1270
- https://access.redhat.com/errata/RHSA-2018:1278
- https://usn.ubuntu.com/3644-1/
- https://access.redhat.com/errata/RHSA-2018:1724
- https://access.redhat.com/errata/RHSA-2018:1723
- https://access.redhat.com/errata/RHSA-2018:1722
- https://access.redhat.com/errata/RHSA-2018:1721
- https://www.debian.org/security/2018/dsa-4225
- https://usn.ubuntu.com/3691-1/
- https://access.redhat.com/errata/RHSA-2018:1975
- https://access.redhat.com/errata/RHSA-2018:1974
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://security.gentoo.org/glsa/201903-14
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL)…
Published: 2018-04-19T02:29:00 Last Modified: 2020-08-24T17:37:00
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2813 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040698
- http://www.securityfocus.com/bid/103830
- https://security.netapp.com/advisory/ntap-20180419-0002/
- https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html
- https://www.debian.org/security/2018/dsa-4176
- https://usn.ubuntu.com/3629-1/
- https://usn.ubuntu.com/3629-2/
- https://access.redhat.com/errata/RHSA-2018:1254
- https://usn.ubuntu.com/3629-3/
- https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html
- https://access.redhat.com/errata/RHSA-2018:2439
- https://access.redhat.com/errata/RHSA-2018:2729
- https://www.debian.org/security/2018/dsa-4341
- https://access.redhat.com/errata/RHSA-2018:3655
- https://access.redhat.com/errata/RHSA-2019:1258
- https://security.gentoo.org/glsa/201908-24
CVE-2018-2815: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2815 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103848
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1191
- https://access.redhat.com/errata/RHSA-2018:1188
- https://access.redhat.com/errata/RHSA-2018:1206
- https://access.redhat.com/errata/RHSA-2018:1205
- https://access.redhat.com/errata/RHSA-2018:1204
- https://access.redhat.com/errata/RHSA-2018:1203
- https://access.redhat.com/errata/RHSA-2018:1202
- https://access.redhat.com/errata/RHSA-2018:1201
- https://www.debian.org/security/2018/dsa-4185
- https://access.redhat.com/errata/RHSA-2018:1270
- https://access.redhat.com/errata/RHSA-2018:1278
- https://usn.ubuntu.com/3644-1/
- https://www.debian.org/security/2018/dsa-4225
- https://usn.ubuntu.com/3691-1/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://security.gentoo.org/glsa/201903-14
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
CVE-2018-2794: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security)…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Scores
- Impact Score: 6.4
- Exploitability Score: 1.9
- CVSS: 3.7
- CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2018-2794 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103817
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1191
- https://access.redhat.com/errata/RHSA-2018:1188
- https://access.redhat.com/errata/RHSA-2018:1206
- https://access.redhat.com/errata/RHSA-2018:1205
- https://access.redhat.com/errata/RHSA-2018:1204
- https://access.redhat.com/errata/RHSA-2018:1203
- https://access.redhat.com/errata/RHSA-2018:1202
- https://access.redhat.com/errata/RHSA-2018:1201
- https://www.debian.org/security/2018/dsa-4185
- https://access.redhat.com/errata/RHSA-2018:1270
- https://access.redhat.com/errata/RHSA-2018:1278
- https://usn.ubuntu.com/3644-1/
- https://access.redhat.com/errata/RHSA-2018:1724
- https://access.redhat.com/errata/RHSA-2018:1723
- https://access.redhat.com/errata/RHSA-2018:1722
- https://access.redhat.com/errata/RHSA-2018:1721
- https://www.debian.org/security/2018/dsa-4225
- https://usn.ubuntu.com/3691-1/
- https://access.redhat.com/errata/RHSA-2018:1975
- https://access.redhat.com/errata/RHSA-2018:1974
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://security.gentoo.org/glsa/201903-14
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
CVE-2018-2797: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2797 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103846
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1191
- https://access.redhat.com/errata/RHSA-2018:1188
- https://access.redhat.com/errata/RHSA-2018:1206
- https://access.redhat.com/errata/RHSA-2018:1205
- https://access.redhat.com/errata/RHSA-2018:1204
- https://access.redhat.com/errata/RHSA-2018:1203
- https://access.redhat.com/errata/RHSA-2018:1202
- https://access.redhat.com/errata/RHSA-2018:1201
- https://www.debian.org/security/2018/dsa-4185
- https://access.redhat.com/errata/RHSA-2018:1270
- https://access.redhat.com/errata/RHSA-2018:1278
- https://usn.ubuntu.com/3644-1/
- https://access.redhat.com/errata/RHSA-2018:1724
- https://access.redhat.com/errata/RHSA-2018:1723
- https://access.redhat.com/errata/RHSA-2018:1722
- https://access.redhat.com/errata/RHSA-2018:1721
- https://www.debian.org/security/2018/dsa-4225
- https://usn.ubuntu.com/3691-1/
- https://access.redhat.com/errata/RHSA-2018:1975
- https://access.redhat.com/errata/RHSA-2018:1974
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://security.gentoo.org/glsa/201903-14
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-2800: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
Scores
- Impact Score: 4.9
- Exploitability Score: 4.9
- CVSS: 4.0
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2800 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103849
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1191
- https://access.redhat.com/errata/RHSA-2018:1188
- https://access.redhat.com/errata/RHSA-2018:1206
- https://access.redhat.com/errata/RHSA-2018:1205
- https://access.redhat.com/errata/RHSA-2018:1204
- https://access.redhat.com/errata/RHSA-2018:1203
- https://access.redhat.com/errata/RHSA-2018:1202
- https://access.redhat.com/errata/RHSA-2018:1201
- https://www.debian.org/security/2018/dsa-4185
- https://access.redhat.com/errata/RHSA-2018:1270
- https://access.redhat.com/errata/RHSA-2018:1278
- https://usn.ubuntu.com/3644-1/
- https://access.redhat.com/errata/RHSA-2018:1724
- https://access.redhat.com/errata/RHSA-2018:1723
- https://access.redhat.com/errata/RHSA-2018:1722
- https://access.redhat.com/errata/RHSA-2018:1721
- https://www.debian.org/security/2018/dsa-4225
- https://usn.ubuntu.com/3691-1/
- https://access.redhat.com/errata/RHSA-2018:1975
- https://access.redhat.com/errata/RHSA-2018:1974
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://security.gentoo.org/glsa/201903-14
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-2814: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2814 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103798
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1191
- https://access.redhat.com/errata/RHSA-2018:1188
- https://access.redhat.com/errata/RHSA-2018:1206
- https://access.redhat.com/errata/RHSA-2018:1205
- https://access.redhat.com/errata/RHSA-2018:1204
- https://access.redhat.com/errata/RHSA-2018:1203
- https://access.redhat.com/errata/RHSA-2018:1202
- https://access.redhat.com/errata/RHSA-2018:1201
- https://www.debian.org/security/2018/dsa-4185
- https://access.redhat.com/errata/RHSA-2018:1270
- https://access.redhat.com/errata/RHSA-2018:1278
- https://usn.ubuntu.com/3644-1/
- https://www.debian.org/security/2018/dsa-4225
- https://usn.ubuntu.com/3691-1/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://security.gentoo.org/glsa/201903-14
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL)…
Published: 2018-04-19T02:29:00 Last Modified: 2019-10-03T00:03:00
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2817 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040698
- http://www.securityfocus.com/bid/103818
- https://security.netapp.com/advisory/ntap-20180419-0002/
- https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html
- https://www.debian.org/security/2018/dsa-4176
- https://usn.ubuntu.com/3629-1/
- https://usn.ubuntu.com/3629-2/
- https://access.redhat.com/errata/RHSA-2018:1254
- https://usn.ubuntu.com/3629-3/
- https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html
- https://access.redhat.com/errata/RHSA-2018:2439
- https://access.redhat.com/errata/RHSA-2018:2729
- https://www.debian.org/security/2018/dsa-4341
- https://access.redhat.com/errata/RHSA-2018:3655
- https://access.redhat.com/errata/RHSA-2019:1258
- https://security.gentoo.org/glsa/201908-24
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-2790: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2790 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103877
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1191
- https://access.redhat.com/errata/RHSA-2018:1188
- https://access.redhat.com/errata/RHSA-2018:1206
- https://access.redhat.com/errata/RHSA-2018:1205
- https://access.redhat.com/errata/RHSA-2018:1204
- https://access.redhat.com/errata/RHSA-2018:1203
- https://access.redhat.com/errata/RHSA-2018:1202
- https://access.redhat.com/errata/RHSA-2018:1201
- https://www.debian.org/security/2018/dsa-4185
- https://access.redhat.com/errata/RHSA-2018:1270
- https://access.redhat.com/errata/RHSA-2018:1278
- https://usn.ubuntu.com/3644-1/
- https://access.redhat.com/errata/RHSA-2018:1724
- https://access.redhat.com/errata/RHSA-2018:1723
- https://access.redhat.com/errata/RHSA-2018:1722
- https://access.redhat.com/errata/RHSA-2018:1721
- https://www.debian.org/security/2018/dsa-4225
- https://usn.ubuntu.com/3691-1/
- https://access.redhat.com/errata/RHSA-2018:1975
- https://access.redhat.com/errata/RHSA-2018:1974
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://security.gentoo.org/glsa/201903-14
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-2796: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2796 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103868
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1191
- https://access.redhat.com/errata/RHSA-2018:1188
- https://access.redhat.com/errata/RHSA-2018:1206
- https://access.redhat.com/errata/RHSA-2018:1204
- https://access.redhat.com/errata/RHSA-2018:1202
- https://access.redhat.com/errata/RHSA-2018:1201
- https://www.debian.org/security/2018/dsa-4185
- https://access.redhat.com/errata/RHSA-2018:1270
- https://access.redhat.com/errata/RHSA-2018:1278
- https://usn.ubuntu.com/3644-1/
- https://access.redhat.com/errata/RHSA-2018:1724
- https://access.redhat.com/errata/RHSA-2018:1723
- https://access.redhat.com/errata/RHSA-2018:1722
- https://access.redhat.com/errata/RHSA-2018:1721
- https://www.debian.org/security/2018/dsa-4225
- https://usn.ubuntu.com/3691-1/
- https://access.redhat.com/errata/RHSA-2018:1975
- https://access.redhat.com/errata/RHSA-2018:1974
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://security.gentoo.org/glsa/201903-14
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-2799: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2799 vulnerability.
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103872
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1191
- https://access.redhat.com/errata/RHSA-2018:1188
- https://access.redhat.com/errata/RHSA-2018:1206
- https://access.redhat.com/errata/RHSA-2018:1204
- https://access.redhat.com/errata/RHSA-2018:1202
- https://access.redhat.com/errata/RHSA-2018:1201
- https://www.debian.org/security/2018/dsa-4185
- https://access.redhat.com/errata/RHSA-2018:1270
- https://access.redhat.com/errata/RHSA-2018:1278
- https://usn.ubuntu.com/3644-1/
- https://access.redhat.com/errata/RHSA-2018:1724
- https://access.redhat.com/errata/RHSA-2018:1723
- https://access.redhat.com/errata/RHSA-2018:1722
- https://access.redhat.com/errata/RHSA-2018:1721
- https://www.debian.org/security/2018/dsa-4225
- https://usn.ubuntu.com/3691-1/
- https://access.redhat.com/errata/RHSA-2018:1975
- https://access.redhat.com/errata/RHSA-2018:1974
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E
- https://security.gentoo.org/glsa/201903-14
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
- https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d@%3Cfop-dev.xmlgraphics.apache.org%3E
- https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307@%3Cuser.spark.apache.org%3E
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-2783: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE…
Published: 2018-04-19T02:29:00 Last Modified: 2020-09-08T12:59:00
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-2783 vulnerability.
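Every Java SE entry on this page lists only the last affected update per release family and points at the same Red Hat errata; none describes a distinguishing condition beyond the version. The check a practitioner actually runs is therefore a version comparison, which is fiddly because Java 8 and earlier report strings like `1.8.0_162` while Java 9 and later report `10` or `10.0.1`. The script below is an added example, not code from this page, from Oracle or from Red Hat. It parses both schemes, compares against the levels quoted in the CVE-2018-2797, CVE-2018-2796 and CVE-2018-2799 text (6u181, 7u171, 8u162 and 10, with 10.0.1 assumed to be the fixed release), and accepts a different table for entries this page lists with other levels, such as CVE-2018-2783. The `java -version` outputs embedded in it are constructed samples. On RHEL the authoritative test remains whether the packages from the RHSA advisories in the reference list are installed (for example `rpm -q java-1.8.0-openjdk`), because a bare version string does not reveal a vendor backport.

```python
import re
import subprocess

# Last affected update level per Java family, taken from the CVE-2018-2797 /
# CVE-2018-2796 / CVE-2018-2799 text on this page: Java SE 6u181, 7u171, 8u162
# and 10. Oracle's bare "10" is the 10 GA build; 10.0.1 is assumed to be the
# release carrying the April 2018 CPU fixes. Levels are tuples so that both
# version schemes compare with plain tuple ordering.
AFFECTED_MAX = {
    6: (181,),
    7: (171,),
    8: (162,),
    10: (0, 0),
}

# Legacy scheme (Java 8 and earlier): 1.<family>.0_<update>, e.g. 1.8.0_162
_LEGACY = re.compile(r"^1\.(\d+)\.\d+(?:_(\d+))?")
# Java 9+ scheme: <family>[.<minor>[.<security>]], e.g. 10, 10.0.1, 11.0.2
_MODERN = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?")
# First line of `java -version` output (every JDK prints it on stderr)
_VERSION_LINE = re.compile(r'^(?:java|openjdk) version "([^"]+)"', re.MULTILINE)


def parse_java_version(version):
    """Return (family, level) for a java.version string, or None if unparseable.

    level is (update,) for the legacy scheme and (minor, security) for 9+.
    """
    m = _LEGACY.match(version)
    if m:
        return int(m.group(1)), (int(m.group(2) or 0),)
    m = _MODERN.match(version)
    if m:
        return int(m.group(1)), (int(m.group(2) or 0), int(m.group(3) or 0))
    return None


def is_affected(version, affected_max=AFFECTED_MAX):
    """True if version is at or below the affected level for its family,
    False if it is newer, None if the family is not in the table."""
    parsed = parse_java_version(version)
    if parsed is None:
        raise ValueError("unrecognised Java version string: %r" % version)
    family, level = parsed
    if family not in affected_max:
        return None
    return level <= affected_max[family]


def version_from_java_output(text):
    """Pull the quoted version string out of `java -version` output."""
    m = _VERSION_LINE.search(text)
    return m.group(1) if m else None


def check_local_java(java="java"):
    """Run `java -version` on this host; returns (version, affected)."""
    proc = subprocess.run([java, "-version"], capture_output=True, text=True)
    version = version_from_java_output(proc.stderr + proc.stdout)
    if version is None:
        return None, None
    return version, is_affected(version)


# Constructed sample output (not captured from a real host) in the shapes that
# RHEL OpenJDK 8 before/after the fix and Oracle Java 10 GA / 10.0.1 print.
SAMPLE_OUTPUT = {
    "openjdk_8u161": 'openjdk version "1.8.0_161"\n'
                     'OpenJDK Runtime Environment (build 1.8.0_161-b14)\n',
    "openjdk_8u171": 'openjdk version "1.8.0_171"\n'
                     'OpenJDK Runtime Environment (build 1.8.0_171-b10)\n',
    "oracle_10_ga":  'java version "10" 2018-03-20\n'
                     'Java(TM) SE Runtime Environment 18.3 (build 10+46)\n',
    "oracle_10_0_1": 'java version "10.0.1" 2018-04-17\n'
                     'Java(TM) SE Runtime Environment 18.3 (build 10.0.1+10)\n',
}


if __name__ == "__main__":
    for name, out in SAMPLE_OUTPUT.items():
        v = version_from_java_output(out)
        print("%-14s %-8s affected=%s" % (name, v, is_affected(v)))
    try:
        print("local java:", check_local_java())
    except FileNotFoundError:
        print("local java: not installed")
```

Run it as-is to classify the constructed samples and whatever `java` is first on PATH; pass a different table to `is_affected` (for example `{8: (152,)}`) when checking an entry that lists other update levels. A result of `None` means the family is not covered by the table, not that it is safe.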
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.securitytracker.com/id/1040697
- http://www.securityfocus.com/bid/103832
- https://security.netapp.com/advisory/ntap-20180419-0001/
- https://access.redhat.com/errata/RHSA-2018:1205
- https://access.redhat.com/errata/RHSA-2018:1203
- https://usn.ubuntu.com/3644-1/
- https://access.redhat.com/errata/RHSA-2018:1724
- https://access.redhat.com/errata/RHSA-2018:1723
- https://access.redhat.com/errata/RHSA-2018:1722
- https://access.redhat.com/errata/RHSA-2018:1721
- https://access.redhat.com/errata/RHSA-2018:1975
- https://access.redhat.com/errata/RHSA-2018:1974
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://support.hpe.com/hpsc/d