redhat/fedora: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/fedora Vulnerability Summary

  • Vendor name: redhat
  • Product name: fedora
  • Total vulnerabilities: 526 (as of 2023-05-04)

redhat/fedora Vulnerability List

CVE-2021-45417: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such…

Published: 2022-01-20T18:15:00 Last Modified: 2022-01-26T19:49:00

Summary

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-45417 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2022-21682: Flatpak is a Linux application sandboxing and distribution framework. A path traversal…

Published: 2022-01-13T21:15:00 Last Modified: 2022-02-10T07:52:00

Summary

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the manifest, so running flatpak build against it will gain those permissions. Normally this will not be done, so this is not a problem. However, if --mirror-screenshots-url is specified, then flatpak-builder will launch flatpak build --nofilesystem=host appstream-utils mirror-screenshots after finalization, which can lead to issues even with the --nofilesystem=host protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the appstream-util binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of --nofilesystem=home and --nofilesystem=host.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2022-21682 vulnerability.

CVE-2021-43860: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3…

Published: 2022-01-12T22:15:00 Last Modified: 2022-02-10T15:03:00

Summary

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn’t properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there’s a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the “xa.metadata” key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the actual metadata, from the “metadata” file to ensure it wasn’t lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from before the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata.

Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions

CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-43860 vulnerability.


CVE-2021-41819: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects…

Published: 2022-01-01T06:15:00 Last Modified: 2022-02-11T15:32:00

Summary

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

Common Weakness Enumeration (CWE): CWE-565: Reliance on Cookies without Validation and Integrity Checking

CWE Description: The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-41819 vulnerability.

CVE-2021-41817: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of…

Published: 2022-01-01T05:15:00 Last Modified: 2022-01-11T21:31:00

Summary

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-41817 vulnerability.

CVE-2021-4166: vim is vulnerable to Out-of-bounds Read

Published: 2021-12-25T19:15:00 Last Modified: 2022-02-04T15:45:00

Summary

vim is vulnerable to Out-of-bounds Read

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-4166 vulnerability.

CVE-2021-3621: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via…

Published: 2021-12-23T21:15:00 Last Modified: 2022-01-07T16:18:00

Summary

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

CWE Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 8.6
  • CVSS: 9.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3621 vulnerability.

CVE-2021-3622: A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted…

Published: 2021-12-23T21:15:00 Last Modified: 2022-01-10T13:37:00

Summary

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3622 vulnerability.

CVE-2021-4024: A flaw was found in podman. The podman machine function (used to create and manage Podman…

Published: 2021-12-23T20:15:00 Last Modified: 2022-02-08T03:15:00

Summary

A flaw was found in podman. The podman machine function (used to create and manage Podman virtual machine containing a Podman process) spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host’s firewall, an attacker can potentially use the gvproxy API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host’s services by forwarding all ports to the VM.

Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error

CWE Description: The software does not properly verify that the source of data or communication is valid.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-4024 vulnerability.

CVE-2021-45463: load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command…

Published: 2021-12-23T06:15:00 Last Modified: 2022-02-07T19:13:00

Summary

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-45463 vulnerability.

CVE-2021-44733: A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through…

Published: 2021-12-22T17:15:00 Last Modified: 2022-01-14T07:15:00

Summary

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.4
  • CVSS: 4.4
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-44733 vulnerability.

CVE-2021-45078: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a…

Published: 2021-12-15T20:15:00 Last Modified: 2022-01-10T14:10:00

Summary

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-45078 vulnerability.

CVE-2021-4104: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has…

Published: 2021-12-14T12:15:00 Last Modified: 2022-02-07T16:16:00

Summary

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 6.8
  • CVSS: 6.0
  • CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-4104 vulnerability.

CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in…

Published: 2021-12-08T22:15:00 Last Modified: 2022-01-04T16:09:00

Summary

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-4048 vulnerability.

CVE-2021-3802: A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image…

Published: 2021-11-29T16:15:00 Last Modified: 2021-12-01T15:44:00

Summary

A vulnerability was found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 6.8
  • CVSS: 6.3
  • CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3802 vulnerability.

CVE-2021-3672: A flaw was found in c-ares library, where a missing input validation check of host names returned…

Published: 2021-11-23T19:15:00 Last Modified: 2021-12-14T18:29:00

Summary

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3672 vulnerability.

CVE-2021-3935: When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can…

Published: 2021-11-22T16:15:00 Last Modified: 2022-02-14T15:15:00

Summary

When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.

Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3935 vulnerability.

CVE-2021-3746: A flaw was found in the libtpms code that may cause access beyond the boundary of internal…

Published: 2021-10-19T15:15:00 Last Modified: 2021-10-22T20:28:00

Summary

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2’s volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 8.6
  • CVSS: 7.1
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3746 vulnerability.

CVE-2021-32672: Redis is an open source, in-memory database that persists on disk. When using the Redis Lua…

Published: 2021-10-04T18:15:00 Last Modified: 2021-11-28T23:16:00

Summary

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-32672 vulnerability.

CVE-2021-39251: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <…

Published: 2021-09-07T15:15:00 Last Modified: 2021-11-29T21:29:00

Summary

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.4
  • CVSS: 6.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-39251 vulnerability.

CVE-2021-33285: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the…

Published: 2021-09-07T14:15:00 Last Modified: 2021-11-29T21:36:00

Summary

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record: the “bytes_in_use” field should be less than the “bytes_allocated” field. When it is not, the parsing of the records proceeds into the wild.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.4
  • CVSS: 6.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-33285 vulnerability.

CVE-2021-3634: A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two…

Published: 2021-08-31T17:15:00 Last Modified: 2022-02-07T16:16:00

Summary

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers shared a single length variable, which worked as long as the buffers were the same size. But the key re-exchange operation can also change the key exchange method, which can be based on a hash of a different size, eventually creating a “secret_hash” of a different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during a second key re-exchange.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3634 vulnerability.

CVE-2021-40153: squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory…

Published: 2021-08-27T15:15:00 Last Modified: 2021-10-07T17:48:00

Summary

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-40153 vulnerability.

CVE-2021-3573: A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found…

Published: 2021-08-13T14:15:00 Last Modified: 2021-08-24T19:21:00

Summary

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls the ioctl HCIUNBLOCKADDR or otherwise triggers a race condition between the call hci_unregister_dev() and one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.4
  • CVSS: 6.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3573 vulnerability.

CVE-2021-3635: A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A…

Published: 2021-08-13T14:15:00 Last Modified: 2021-08-23T20:33:00

Summary

A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3635 vulnerability.

CVE-2021-20314: Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can…

Published: 2021-08-12T15:15:00 Last Modified: 2021-12-02T20:40:00

Summary

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20314 vulnerability.

References

CVE-2021-3570: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when…

Published: 2021-07-09T11:15:00 Last Modified: 2021-09-14T14:42:00

Summary

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 8.5
  • Exploitability Score: 8.0
  • CVSS: 8.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3570 vulnerability.

References

CVE-2021-3571: A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a…

Published: 2021-07-09T11:15:00 Last Modified: 2021-09-14T14:43:00

Summary

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.0
  • CVSS: 5.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3571 vulnerability.

References

CVE-2021-3612: An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in…

Published: 2021-07-09T11:15:00 Last Modified: 2021-12-17T01:15:00

Summary

An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3612 vulnerability.

References

CVE-2021-3592: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T18:04:00

Summary

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘bootp_t’ structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer

CWE Description: The program accesses or uses a pointer that has not been initialized.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3592 vulnerability.

References

CVE-2021-3593: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

Published: 2021-06-15T21:15:00 Last Modified: 2021-09-20T13:52:00

Summary

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer

CWE Description: The program accesses or uses a pointer that has not been initialized.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3593 vulnerability.

References

CVE-2021-3594: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T18:04:00

Summary

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer

CWE Description: The program accesses or uses a pointer that has not been initialized.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3594 vulnerability.

References

CVE-2021-3595: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T17:01:00

Summary

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘tftp_t’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
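
The four libslirp entries above (CVE-2021-3592 through CVE-2021-3595) share one pattern: a handler treats a datagram as a fixed-size structure (bootp_t, udphdr, tftp_t) without first checking that the datagram is at least that long, so fields are read from beyond the bytes actually received. The parser below is an added example, not code from this page or from the QEMU/libslirp project. It shows the hardened form of that pattern for the UDP and BOOTP layers: the length is checked before any field is read, and the sender-controlled UDP length field is treated as untrusted rather than used to size the payload. The datagrams it builds are constructed for the example.

```python
import struct
from typing import NamedTuple

UDP_HDR_LEN = 8         # sizeof(struct udphdr): sport, dport, length, checksum
BOOTP_FIXED_LEN = 236   # RFC 951 fixed part, everything before the vendor area


class UdpDatagram(NamedTuple):
    sport: int
    dport: int
    length: int
    checksum: int
    payload: bytes


class BootpMessage(NamedTuple):
    op: int
    htype: int
    hlen: int
    hops: int
    xid: int
    ciaddr: bytes
    yiaddr: bytes
    chaddr: bytes
    vend: bytes


def parse_udp(datagram: bytes) -> UdpDatagram:
    """Parse a UDP datagram, refusing anything shorter than struct udphdr."""
    if len(datagram) < UDP_HDR_LEN:
        raise ValueError(f"UDP datagram too short: {len(datagram)} < {UDP_HDR_LEN}")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:UDP_HDR_LEN])
    # The length field is sender-controlled as well: it must cover the header
    # and must not claim more bytes than were actually received.
    if length < UDP_HDR_LEN or length > len(datagram):
        raise ValueError(f"UDP length field {length} inconsistent with {len(datagram)} bytes")
    return UdpDatagram(sport, dport, length, checksum, datagram[UDP_HDR_LEN:length])


def parse_bootp(payload: bytes) -> BootpMessage:
    """Parse the fixed part of a BOOTP message. A payload shorter than the
    structure is rejected instead of being read as if the missing bytes existed."""
    if len(payload) < BOOTP_FIXED_LEN:
        raise ValueError(f"BOOTP message too short: {len(payload)} < {BOOTP_FIXED_LEN}")
    (op, htype, hlen, hops, xid, _secs, _flags, ciaddr, yiaddr, _siaddr, _giaddr,
     chaddr, _sname, _file) = struct.unpack("!BBBBIHH4s4s4s4s16s64s128s",
                                            payload[:BOOTP_FIXED_LEN])
    if hlen > 16:
        raise ValueError(f"hlen {hlen} exceeds the 16-byte chaddr field")
    return BootpMessage(op, htype, hlen, hops, xid, ciaddr, yiaddr,
                        chaddr[:hlen], payload[BOOTP_FIXED_LEN:])


def classify(datagram: bytes) -> str:
    """Summarise how a guest-supplied datagram would be handled."""
    try:
        udp = parse_udp(datagram)
        if udp.dport == 67:  # BOOTP/DHCP server port
            b = parse_bootp(udp.payload)
            return f"bootp op={b.op} xid={b.xid:#x} chaddr={b.chaddr.hex()}"
        return f"udp {udp.sport}->{udp.dport} ({len(udp.payload)} bytes)"
    except ValueError as exc:
        return f"rejected: {exc}"


def build_udp(sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample input: a UDP datagram with a consistent length field."""
    return struct.pack("!HHHH", sport, dport, UDP_HDR_LEN + len(payload), 0) + payload


def build_bootp_request(xid: int, mac: bytes) -> bytes:
    """Constructed sample input: a minimal BOOTREQUEST from client port 68 to server port 67."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, len(mac), 0, xid, 0, 0,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return build_udp(68, 67, bootp)


if __name__ == "__main__":
    pkt = build_bootp_request(0x1234, bytes.fromhex("525400123456"))
    for sample in (pkt, pkt[:7], pkt[:40], build_udp(68, 67, b"\0" * 10)):
        print(classify(sample))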

Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer

CWE Description: The program accesses or uses a pointer that has not been initialized.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3595 vulnerability.

References

CVE-2021-3532: A flaw was found in Ansible where the secret information present in async_files are getting…

Published: 2021-06-09T12:15:00 Last Modified: 2021-06-21T16:54:00

Summary

A flaw was found in Ansible where secret information present in async files is disclosed when the user changes the job directory (jobdir) to a world-readable directory. Any secret information in an async status file will then be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3532 vulnerability.

References

CVE-2021-3533: A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a…

Published: 2021-06-09T12:15:00 Last Modified: 2021-06-17T17:21:00

Summary

A flaw was found in Ansible when an Ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world-writable directory. When this occurs, there is a race condition on the managed machine: a malicious, non-privileged account on the remote machine can exploit the race to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
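
Both Ansible entries (CVE-2021-3532 and CVE-2021-3533) come down to the permissions of the async results directory and of its ancestors. The script below is an added example, not part of this page or of the Ansible project. It audits a directory the way an operator would before pointing ANSIBLE_ASYNC_DIR (or Tower's job directory) at it: the directory must not be world-readable, its status files must not be world-readable, and no ancestor may be world-writable, sticky bit or not, because a world-writable parent lets another local user pre-create or swap path components before Ansible uses them. The finding codes, the demo() layout and the status file name are this example's own, and the temporary tree it builds is constructed so the result does not depend on the permissions of /tmp on the machine running it.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path


def _perm(p: Path) -> int:
    return stat.S_IMODE(p.lstat().st_mode)


def audit_async_dir(path: str) -> list:
    """Audit an Ansible async results directory (ANSIBLE_ASYNC_DIR / jobdir).

    Returns (path, finding, mode) tuples; an empty list means neither condition
    from the advisories is present: no world-readable status data, and no
    world-writable ancestor that another local user could race.
    """
    findings = []
    p = Path(os.path.expanduser(path)).resolve()
    if not p.is_dir():
        return [(str(p), "missing-or-not-a-directory", 0)]

    mode = _perm(p)
    if mode & stat.S_IROTH:
        findings.append((str(p), "world-readable-dir", mode))
    if mode & stat.S_IWOTH:
        findings.append((str(p), "world-writable-dir", mode))

    # Status files inside the directory: async_status reads these back, and any
    # secret captured in task output lands in them.
    for child in p.iterdir():
        if child.is_file() and _perm(child) & stat.S_IROTH:
            findings.append((str(child), "world-readable-file", _perm(child)))

    # Every ancestor matters: a world-writable parent (sticky bit or not) lets
    # another user pre-create or swap path components before Ansible uses them.
    for parent in p.parents:
        pmode = _perm(parent)
        if pmode & stat.S_IWOTH:
            findings.append((str(parent), "world-writable-ancestor", pmode))
    return findings


def demo() -> dict:
    """Constructed scenario: two async dirs under a private temporary root.
    Only findings inside that root are returned, so the outcome does not depend
    on how /tmp is set up on the machine running this."""
    root = Path(tempfile.mkdtemp(prefix="ansible-async-audit-")).resolve()
    try:
        os.chmod(root, 0o700)
        private = root / "private"
        private.mkdir()
        os.chmod(private, 0o700)

        shared = root / "shared"
        shared.mkdir()
        os.chmod(shared, 0o777)            # a world-writable parent, as in CVE-2021-3533
        exposed = shared / "async"
        exposed.mkdir()
        os.chmod(exposed, 0o755)           # world-readable, as in CVE-2021-3532
        status = exposed / "j123456789.123"
        status.write_text('{"stdout": "token=hunter2"}')  # constructed status file
        os.chmod(status, 0o644)

        def codes(d: Path) -> list:
            return sorted({f for path, f, _ in audit_async_dir(str(d))
                           if path.startswith(str(root))})

        return {"private": codes(private), "exposed": codes(exposed)}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
    for finding in audit_async_dir(os.environ.get("ANSIBLE_ASYNC_DIR", "~/.ansible_async")):
        print(finding)
```

Run it on the managed host as the user Ansible connects as; the default ~/.ansible_async under a 0700 home directory produces no findings, while anything under /tmp is flagged through the world-writable-ancestor rule.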

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 1.9
  • CVSS: 1.2
  • CVSS Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3533 vulnerability.

References

CVE-2021-3565: A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a…

Published: 2021-06-04T12:15:00 Last Modified: 2021-12-02T13:55:00

Summary

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

Common Weakness Enumeration (CWE): CWE-665: Improper Initialization

CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3565 vulnerability.

References

CVE-2021-3516: There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit…

Published: 2021-06-01T14:15:00 Last Modified: 2022-02-07T16:16:00

Summary

There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3516 vulnerability.

References

CVE-2021-3543: A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that…

Published: 2021-06-01T14:15:00 Last Modified: 2021-06-11T19:14:00

Summary

A NULL pointer dereference flaw was found in the Nitro Enclaves kernel driver, in the way enclave VMs force closure of the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3543 vulnerability.

References

CVE-2021-20236: A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious…

Published: 2021-05-28T11:15:00 Last Modified: 2021-06-02T15:35:00

Summary

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20236 vulnerability.

References

CVE-2021-20239: A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw…

Published: 2021-05-28T11:15:00 Last Modified: 2021-06-02T15:28:00

Summary

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-822: Untrusted Pointer Dereference

CWE Description: The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20239 vulnerability.

References

CVE-2021-20292: There is a flaw reported in the Linux kernel in versions before 5.9 in…

Published: 2021-05-28T11:15:00 Last Modified: 2021-06-23T02:15:00

Summary

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem. The issue results from the lack of validation of the existence of an object prior to performing operations on it. An attacker with a local account with root privilege can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20292 vulnerability.

References

CVE-2020-25710: A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a…

Published: 2021-05-28T11:15:00 Last Modified: 2021-09-14T17:38:00

Summary

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion

CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-25710 vulnerability.

References

CVE-2021-30501: An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow…

Published: 2021-05-27T00:15:00 Last Modified: 2021-06-08T01:59:00

Summary

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flaw allows attackers to cause a denial of service (abort) via a crafted file.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30501 vulnerability.

References

CVE-2021-30500: Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version…

Published: 2021-05-27T00:15:00 Last Modified: 2021-06-08T02:05:00

Summary

A NULL pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0. This allows attackers to execute arbitrary code and cause a denial of service via a crafted file.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30500 vulnerability.

References

CVE-2021-30471: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary…

Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T15:04:00

Summary

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

Common Weakness Enumeration (CWE): CWE-674: Uncontrolled Recursion

CWE Description: The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30471 vulnerability.

References

CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function…

Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T16:29:00

Summary

A flaw was found in PoDoFo 0.9.7. A use-after-free in the PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30469 vulnerability.

References

CVE-2021-30470: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(),…

Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T02:07:00

Summary

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
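
The UPX entries (CVE-2021-30501, CVE-2021-30500) and the three PoDoFo entries (CVE-2021-30471, CVE-2021-30469, CVE-2021-30470) are all crafted-file cases in which the parser aborts on a failed assertion, overflows its stack or dereferences NULL. Until the fixed version is deployed, the practical mitigation is to run such tools over untrusted input in a disposable child process under hard limits, so a malicious file can only take that process down. The wrapper below is an added example, not code from this page or from the UPX or PoDoFo projects. It assumes a Unix host (setrlimit and signal semantics); demo_cases() uses the running interpreter as a stand-in parser, with constructed inputs that exhaust memory, spin the CPU or hang.

```python
import resource
import subprocess
import sys
from typing import List, Tuple


def _cap(res: int, soft: int, hard: int) -> None:
    """Lower a limit, never raising it above the hard limit we inherited."""
    _, cur_hard = resource.getrlimit(res)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(res, (soft, hard))


def _limits(mem_bytes: int, cpu_seconds: int, stack_bytes: int):
    """Return the function run in the child between fork() and exec()."""
    def apply() -> None:
        _cap(resource.RLIMIT_AS, mem_bytes, mem_bytes)            # unbounded allocation -> ENOMEM
        _cap(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)   # spin loops -> SIGXCPU, then SIGKILL
        _cap(resource.RLIMIT_STACK, stack_bytes, stack_bytes)     # runaway recursion -> SIGSEGV, early
        _cap(resource.RLIMIT_CORE, 0, 0)                          # no core dumps of attacker-chosen memory
    return apply


def run_untrusted(cmd: List[str], *, timeout: float = 10.0,
                  mem_bytes: int = 512 * 1024 * 1024, cpu_seconds: int = 5,
                  stack_bytes: int = 8 * 1024 * 1024) -> Tuple[str, int]:
    """Run a parser over untrusted input with hard resource limits.

    Returns (verdict, returncode), where verdict is "ok", "failed" (non-zero exit
    status), "killed" (terminated by a signal, returncode is -signal: SIGSEGV from
    a stack overflow, SIGABRT from a failed assertion, SIGXCPU from the CPU cap)
    or "timeout" (wall-clock limit hit; the child was killed).
    """
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout,
                              preexec_fn=_limits(mem_bytes, cpu_seconds, stack_bytes))
    except subprocess.TimeoutExpired:
        return "timeout", -1
    if proc.returncode < 0:
        return "killed", proc.returncode
    if proc.returncode != 0:
        return "failed", proc.returncode
    return "ok", 0


def demo_cases() -> dict:
    """Constructed scenarios standing in for a crafted file hitting a parser:
    the child is this interpreter misbehaving on purpose."""
    py = sys.executable
    return {
        "benign": run_untrusted([py, "-c", "print('parsed')"])[0],
        "memory-bomb": run_untrusted([py, "-c", "b = bytearray(4 * 1024 ** 3)"],
                                     mem_bytes=512 * 1024 * 1024)[0],
        "cpu-bomb": run_untrusted([py, "-c", "while True: pass"],
                                  cpu_seconds=1, timeout=30)[0],
        "hang": run_untrusted([py, "-c", "import time; time.sleep(30)"], timeout=1)[0],
    }


if __name__ == "__main__":
    for name, verdict in demo_cases().items():
        print(f"{name}: {verdict}")
    if len(sys.argv) > 1:   # e.g.  python sandbox_run.py upx -t suspicious.bin
        print(run_untrusted(sys.argv[1:]))
```

A verdict of "killed" with returncode -11 or -6 is what the stack overflow and assertion cases above look like from the outside; treat any verdict other than "ok" as a reason to quarantine the input rather than retry it. The limits bound damage to the child, they do not stop an exploitable overflow from executing code inside it, so a real deployment adds a separate user and a seccomp or container boundary around the process.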

Common Weakness Enumeration (CWE): CWE-674: Uncontrolled Recursion

CWE Description: The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30470 vulnerability.

References

CVE-2021-20297: A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a…

Published: 2021-05-26T21:15:00 Last Modified: 2021-06-03T17:20:00

Summary

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20297 vulnerability.

References

CVE-2021-20178: A flaw was found in ansible module where credentials are disclosed in the console log by default…

Published: 2021-05-26T12:15:00 Last Modified: 2021-06-03T15:57:00

Summary

A flaw was found in the Ansible bitbucket_pipeline_variable module, where credentials are disclosed in the console log by default and are not protected by Ansible's log-masking security feature. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20178 vulnerability.

References

CVE-2021-3426: There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to…

Published: 2021-05-20T13:15:00 Last Modified: 2022-02-07T16:16:00

Summary

There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 5.1
  • CVSS: 2.7
  • CVSS Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2021-3426 vulnerability.

References

CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who…

Published: 2021-05-19T14:15:00 Last Modified: 2021-07-20T11:15:00

Summary

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature

CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3421 vulnerability.

References

CVE-2021-3445: A flaw was found in libdnf’s signature verification functionality in versions before 0.60.1. This…

Published: 2021-05-19T14:15:00 Last Modified: 2021-06-02T14:58:00

Summary

A flaw was found in libdnf’s signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.
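
For the two RPM signature entries (CVE-2021-3421 and CVE-2021-3445) the practical defence is to verify packages with rpmkeys -K (or rpm -Kv) against keys you trust and to keep gpgcheck=1 in dnf repository configuration. The parser below is an added example, not code from this page or from the rpm or libdnf projects. It walks the RPM lead and the signature header index to report whether a package carries a header signature (V4 RSA/DSA tags), only a legacy header+payload signature (V3 PGP/GPG tags), or digests alone, treating every count and offset in the index as attacker-controlled. It inspects, it does not verify: a package reported as "header-signed" still has to pass rpmkeys. build_sample_rpm() constructs minimal synthetic packages for the demonstration (lead and signature header only, no payload header or archive); the tag values are rpm's own.

```python
import struct

RPM_LEAD_MAGIC = b"\xed\xab\xee\xdb"
RPM_LEAD_LEN = 96
HEADER_MAGIC = b"\x8e\xad\xe8\x01"

# Tags that can appear in the signature header (values from rpm's rpmtag.h).
RPMSIGTAG_SIZE = 1000
RPMSIGTAG_PGP = 1002      # V3 OpenPGP (RSA) signature over header + payload
RPMSIGTAG_MD5 = 1004
RPMSIGTAG_GPG = 1005      # V3 OpenPGP (DSA) signature over header + payload
RPMSIGTAG_DSA = 267       # V4 OpenPGP (DSA) signature over the header only
RPMSIGTAG_RSA = 268       # V4 OpenPGP (RSA) signature over the header only
RPMSIGTAG_SHA1 = 269
RPMSIGTAG_SHA256 = 273

HEADER_SIG_TAGS = {RPMSIGTAG_DSA, RPMSIGTAG_RSA}
LEGACY_SIG_TAGS = {RPMSIGTAG_PGP, RPMSIGTAG_GPG}


def read_signature_tags(blob: bytes) -> dict:
    """Walk the lead and the signature header index; return {tag: (type, count)}."""
    if len(blob) < RPM_LEAD_LEN or blob[:4] != RPM_LEAD_MAGIC:
        raise ValueError("not an RPM: bad lead")
    off = RPM_LEAD_LEN
    if len(blob) < off + 16 or blob[off:off + 4] != HEADER_MAGIC:
        raise ValueError("bad or truncated signature header")
    nindex, hsize = struct.unpack("!II", blob[off + 8:off + 16])
    index_start = off + 16
    store_start = index_start + 16 * nindex
    if store_start + hsize > len(blob):
        raise ValueError("truncated signature header")
    tags = {}
    for i in range(nindex):
        entry = blob[index_start + 16 * i:index_start + 16 * (i + 1)]
        tag, typ, offset, count = struct.unpack("!iiii", entry)
        # Offsets are attacker-controlled: keep them inside the data store.
        if offset < 0 or offset > hsize:
            raise ValueError(f"tag {tag}: data offset {offset} outside the data store")
        tags[tag] = (typ, count)
    return tags


def assess(blob: bytes) -> str:
    """Classify what kind of signature, if any, the signature header carries."""
    try:
        present = set(read_signature_tags(blob))
    except ValueError as exc:
        return f"malformed: {exc}"
    if present & HEADER_SIG_TAGS:
        return "header-signed"
    if present & LEGACY_SIG_TAGS:
        return "header+payload-signed"
    return "unsigned"


def build_sample_rpm(sig_tags: dict) -> bytes:
    """Constructed sample: an RPM lead plus a signature header carrying the given
    tags (tag -> raw bytes, all stored as BIN, type 7). No payload header or
    archive follows, which is enough for the signature index walk above."""
    lead = (RPM_LEAD_MAGIC + bytes([3, 0])            # magic, major 3, minor 0
            + struct.pack("!HH", 0, 1)                # type binary, arch i386
            + b"sample-1.0-1".ljust(66, b"\0")        # name
            + struct.pack("!HH", 1, 5)                # os Linux, signature type header-sig
            + b"\0" * 16)                             # reserved
    assert len(lead) == RPM_LEAD_LEN
    entries, store = b"", b""
    for tag, data in sig_tags.items():
        entries += struct.pack("!iiii", tag, 7, len(store), len(data))
        store += data
    header = HEADER_MAGIC + b"\0" * 4 + struct.pack("!II", len(sig_tags), len(store)) + entries + store
    header += b"\0" * (-len(header) % 8)              # signature header is padded to 8 bytes
    return lead + header


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, assess(f.read(1 << 20)))
```

Reading the first megabyte is enough for any real package, since the signature header sits immediately after the 96-byte lead. Packages that come back "unsigned" or "header+payload-signed" only deserve a closer look before they reach a repository that libdnf or rpm will trust.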

Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature

CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3445 vulnerability.

References

CVE-2021-3517: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An…

Published: 2021-05-19T14:15:00 Last Modified: 2022-02-07T16:16:00

Summary

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3517 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3518: There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted…

Published: 2021-05-18T12:15:00 Last Modified: 2021-12-09T21:30:00

Summary

There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3518 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3531: A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a…

Published: 2021-05-18T12:15:00 Last Modified: 2021-05-25T16:27:00

Summary

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET request for a Swift URL that ends with two slashes, the rgw process can crash, resulting in a denial of service. The greatest threat to the system is to availability.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3531 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3524: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before…

Published: 2021-05-17T17:15:00 Last Modified: 2021-09-20T12:15:00

Summary

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
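
The two mistakes the summary describes, copying a configured value into a response header unchecked and then fixing only the LF case, as an added example in Python. This is not Ceph or RGW code: the header-building functions and the constructed CORS rules are hypothetical, and the lenient parser stands in for a client that treats a bare CR as a line terminator.

```python
"""Header injection through a CORS ExposeHeader value (CVE-2021-3524 pattern).

Added example, not Ceph RGW code. It models the response-building step
with hypothetical functions and shows the LF-only filter that leaves the
CR variant open beside a check that rejects either line-break byte.
"""

# Constructed CORS rules, as someone with write access to the bucket's CORS
# configuration could upload. The second rule carries a bare CR followed by
# a complete extra header line.
CORS_RULES = [
    {"AllowedOrigin": "https://app.example", "ExposeHeader": ["ETag"]},
    {"AllowedOrigin": "https://evil.example",
     "ExposeHeader": ["ETag\rSet-Cookie: session=attacker"]},
]

def lf_only(value):
    """The incomplete fix: only LF counts as a line break."""
    return "\n" in value

def cr_or_lf(value):
    """Hardened check: either CR or LF can end a header line, so reject both."""
    return "\r" in value or "\n" in value

def build_cors_headers(rule, reject=None):
    """Emit the Expose-Headers response header for a rule.

    reject=None reproduces the unchecked behaviour; otherwise values the
    predicate flags are dropped. Better still is to refuse the whole CORS
    document at upload time instead of filtering at response time.
    """
    values = rule["ExposeHeader"]
    if reject is not None:
        values = [v for v in values if not reject(v)]
    return [("Access-Control-Expose-Headers", ",".join(values))] if values else []

def serialize(headers):
    """Wire image of the header block, CRLF-terminated like HTTP/1.1."""
    return "".join(f"{k}: {v}\r\n" for k, v in headers) + "\r\n"

def header_names(wire):
    """Header names a lenient client would parse, treating a bare CR or a
    bare LF as a line terminator (this leniency is what lets the injected
    line be honoured)."""
    unified = wire.replace("\r\n", "\n").replace("\r", "\n")
    return [line.split(":", 1)[0] for line in unified.split("\n") if ":" in line]
```

Run against the second rule, the unchecked path and the LF-only filter both produce a wire image in which a lenient client sees a Set-Cookie header; only the CR-or-LF check removes it.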

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3524 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-27769: In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of…

Published: 2021-05-14T20:15:00 Last Modified: 2021-05-19T19:08:00

Summary

In ImageMagick versions before 7.0.9-0, calculations in MagickCore/quantize.c can produce values outside the range of representable values of type ‘float’.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-27769 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3537: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors…

Published: 2021-05-14T20:15:00 Last Modified: 2021-12-08T20:19:00

Summary

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3537 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-27824: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This…

Published: 2021-05-13T14:15:00 Last Modified: 2021-12-07T19:40:00

Summary

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-27824 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3504: A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of…

Published: 2021-05-11T23:15:00 Last Modified: 2021-06-21T18:35:00

Summary

A flaw was found in the hivex library in versions before 1.3.20. It is caused by a missing bounds check in the hivex_open function. An attacker could supply a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3504 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20254: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs)…

Published: 2021-05-05T14:15:00 Last Modified: 2021-06-24T18:30:00

Summary

A flaw was found in Samba. The Samba smbd file server must map Windows group identities (SIDs) into Unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 6.8
  • CVSS: 4.9
  • CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20254 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3472: A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in…

Published: 2021-04-26T15:15:00 Last Modified: 2021-05-19T12:54:00

Summary

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-191: Integer Underflow (Wrap or Wraparound)

CWE Description: The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3472 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20208: A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file…

Published: 2021-04-19T22:15:00 Last Modified: 2021-12-10T19:52:00

Summary

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Common Weakness Enumeration (CWE): CWE-266: Incorrect Privilege Assignment

CWE Description: A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 6.8
  • CVSS: 4.9
  • CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20208 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3505: A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit…

Published: 2021-04-19T21:15:00 Last Modified: 2021-06-03T16:19:00

Summary

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.

Common Weakness Enumeration (CWE): CWE-331: Insufficient Entropy

CWE Description: The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3505 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20288: An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles…

Published: 2021-04-15T15:15:00 Last Modified: 2021-06-03T18:28:00

Summary

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn’t sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20288 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3487: There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a…

Published: 2021-04-15T14:15:00 Last Modified: 2021-05-04T12:55:00

Summary

There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 8.6
  • CVSS: 7.1
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3487 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3482: A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation…

Published: 2021-04-08T23:15:00 Last Modified: 2021-09-21T18:15:00

Summary

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3482 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3448: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for…

Published: 2021-04-08T23:15:00 Last Modified: 2022-02-07T16:16:00

Summary

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
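
How much the fixed port hands the attacker, as an added example in Python. This is a model, not dnsmasq code: the forwarder's acceptance check is reduced to matching destination port, transaction ID and question, and an off-path attacker, who sees neither value, is counted until one forged reply is accepted. The fixed port number, the ephemeral range and the attacker budget are assumptions.

```python
"""Forged-reply effort with a fixed versus randomised source port (CVE-2021-3448).

Added example, not dnsmasq code. A forwarder keeps (port, txid) for each
outstanding query and accepts the first reply matching port, txid and
question. The attacker is off-path: it sees neither value and must guess.
"""
import random

TXID_SPACE = 1 << 16                   # 16-bit DNS transaction ID
EPHEMERAL_PORTS = range(1024, 65536)   # assumed randomised source-port range
FIXED_PORT = 51234                     # assumed value of the fixed port

class Forwarder:
    """Minimal model of the state an outgoing query leaves behind."""

    def __init__(self, rng, fixed_port=None):
        self.rng = rng
        self.fixed_port = fixed_port
        self.pending = {}  # (port, txid) -> question name

    def send_query(self, qname):
        port = self.fixed_port if self.fixed_port is not None else self.rng.choice(EPHEMERAL_PORTS)
        txid = self.rng.randrange(TXID_SPACE)
        self.pending[(port, txid)] = qname
        return port, txid

    def accept_reply(self, port, txid, qname):
        """A reply is accepted only if port, TXID and question all match."""
        return self.pending.get((port, txid)) == qname

def forged_replies_until_accepted(fwd, attacker_rng, qname, known_port=None, limit=1 << 19):
    """Forged replies an attacker sends until one is accepted, or None.

    With known_port set (the CVE-2021-3448 situation) only the TXID is
    guessed; otherwise port and TXID are guessed together. The legitimate
    reply racing the attacker is ignored, which favours the attacker equally
    in both cases.
    """
    fwd.send_query(qname)
    for attempt in range(1, limit + 1):
        port = known_port if known_port is not None else attacker_rng.choice(EPHEMERAL_PORTS)
        txid = attacker_rng.randrange(TXID_SPACE)
        if fwd.accept_reply(port, txid, qname):
            return attempt
    return None

def expected_forgeries(port_known):
    """Mean blind guesses needed (geometric distribution, guessing with replacement)."""
    return TXID_SPACE if port_known else TXID_SPACE * len(EPHEMERAL_PORTS)

def compare(seed=7, budget=1 << 19):
    """Run both configurations against the same attacker budget of forgeries."""
    fixed = Forwarder(random.Random(seed), fixed_port=FIXED_PORT)
    randomised = Forwarder(random.Random(seed))
    attacker = random.Random(seed + 1)
    return {
        "fixed_port": forged_replies_until_accepted(
            fixed, attacker, "www.example", known_port=FIXED_PORT, limit=budget),
        "random_port": forged_replies_until_accepted(
            randomised, attacker, "www.example", limit=budget),
    }

if __name__ == "__main__":
    print(compare())
    print("expected guesses:", expected_forgeries(True), "vs", expected_forgeries(False))
```

With the port known the attacker's search space is the 16-bit TXID alone, so a budget of a few hundred thousand forgeries almost always lands one; with the port drawn from the ephemeral range the space is roughly 2^32 and the same budget almost never does. The model leaves out the race against the legitimate reply, which constrains the attacker further in both cases.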

Common Weakness Enumeration (CWE): CWE-358: Improperly Implemented Security Check for Standard

CWE Description: The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3448 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification…

Published: 2021-04-05T22:15:00 Last Modified: 2021-12-06T13:57:00

Summary

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography (ECC) point multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20305 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20291: A deadlock vulnerability was found in ‘github.com/containers/storage’ in versions before 1.28.1….

Published: 2021-04-01T18:15:00 Last Modified: 2021-06-02T13:13:00

Summary

A deadlock vulnerability was found in ‘github.com/containers/storage’ in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).

Common Weakness Enumeration (CWE): CWE-667: Improper Locking

CWE Description: The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 8.6
  • CVSS: 7.1
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20291 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3447: A flaw was found in several ansible modules, where parameters containing credentials, such as…

Published: 2021-04-01T18:15:00 Last Modified: 2021-06-03T13:47:00

Summary

A flaw was found in several Ansible modules, where parameters containing credentials, such as secrets, were being logged in plain text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.
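
A check for the playbook-side workaround, as an added example in Python that is not Ansible code: tasks whose module arguments look like credentials but are not marked `no_log: true` are reported. The tasks are constructed inline in the dict shape a playbook loads into, and the credential-name pattern is an assumption, not Ansible's own list of sensitive parameters.

```python
"""Flag tasks that hand credentials to a module without no_log (CVE-2021-3447 class).

Added example, not Ansible code. Tasks are given as the dict structures a
playbook loads into (constructed inline here; use yaml.safe_load on a real
file). SENSITIVE is an assumed pattern, not Ansible's own list.
"""
import re

SENSITIVE = re.compile(r"passw(or)?d|secret|token|api_?key|private_?key|authorization", re.I)

# Task keywords that are not module names (a subset of Ansible's task keywords)
TASK_KEYWORDS = {
    "name", "no_log", "when", "loop", "with_items", "register", "become",
    "become_user", "vars", "tags", "environment", "delegate_to",
    "changed_when", "failed_when", "ignore_errors", "notify",
}

TASKS = [  # constructed playbook tasks
    {"name": "create db user",
     "mysql_user": {"name": "app", "password": "{{ db_password }}"}},
    {"name": "create db user (protected)",
     "mysql_user": {"name": "app", "password": "{{ db_password }}"},
     "no_log": True},
    {"name": "call api",
     "uri": {"url": "https://api.example/v1",
             "headers": {"Authorization": "Bearer {{ api_token }}"}}},
    {"name": "install editor",
     "package": {"name": "vim", "state": "present"}},
]

def sensitive_params(args, prefix=""):
    """Dotted names of arguments whose key looks like a credential, recursively."""
    found = []
    if isinstance(args, dict):
        for key, value in args.items():
            path = f"{prefix}{key}"
            if SENSITIVE.search(str(key)):
                found.append(path)
            found.extend(sensitive_params(value, path + "."))
    return found

def module_call(task):
    """Return (module_name, args) for a task, or (None, None) if none found.
    Free-form 'module: key=value' strings yield no dict and are not inspected."""
    for key, value in task.items():
        if key not in TASK_KEYWORDS:
            return key, value
    return None, None

def find_unprotected(tasks):
    """Tasks passing credential-like arguments without no_log: true."""
    findings = []
    for task in tasks:
        module, args = module_call(task)
        if module is None:
            continue
        params = sensitive_params(args)
        if params and task.get("no_log") is not True:
            findings.append((task.get("name", "<unnamed>"), module, params))
    return findings

if __name__ == "__main__":
    for name, module, params in find_unprotected(TASKS):
        print(f"{name!r}: {module} receives {', '.join(params)} without no_log")
```

Task-level `no_log: true` suppresses the task's output on both the controller and the managed node regardless of whether the module marks its own parameters, which is why it is the mitigation to look for on affected versions; the cost is that the task's failures become harder to debug.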

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3447 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20271: A flaw was found in RPM’s signature check functionality when reading a package file. This flaw…

Published: 2021-03-26T17:15:00 Last Modified: 2021-12-10T19:50:00

Summary

A flaw was found in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
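
What a modified signature header looks like at the byte level, and the structural check a reader has to apply to every index entry before trusting it, as an added example in Python. It is not rpm's or libdnf's code and serves both this entry and CVE-2021-3445 above. The lead size, the magic bytes and the index-entry layout follow the RPM package format; the size caps and the sample tag contents are assumptions.

```python
"""Bounds-checking an RPM signature header before it is trusted
(CVE-2021-20271 and CVE-2021-3445 pattern).

Added example, not rpm or libdnf code. It parses the 96-byte lead and the
signature header (magic, index entries, data region) and rejects any index
entry whose type, offset or count would make a reader touch bytes outside
the data region. MAX_ENTRIES and MAX_DATA are assumed sanity caps.
"""
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"
LEAD_SIZE = 96
HEADER_MAGIC = b"\x8e\xad\xe8\x01"   # header magic followed by header version 1
ENTRY_SIZE = 16                      # tag, type, offset, count: four 32-bit fields
MAX_ENTRIES = 0xFFFF                 # assumed cap
MAX_DATA = 0x0FFFFFFF                # assumed cap

# RPM index types -> (fixed element size, or None if NUL-terminated; alignment)
TYPE_INFO = {
    0: (0, 1), 1: (1, 1), 2: (1, 1), 3: (2, 2), 4: (4, 4), 5: (8, 8),  # NULL..INT64
    6: (None, 1),  # STRING: exactly one NUL-terminated string
    7: (1, 1),     # BIN: count bytes
    8: (None, 1),  # STRING_ARRAY: count NUL-terminated strings
    9: (None, 1),  # I18NSTRING
}

class HeaderError(ValueError):
    """Raised for any header that would be unsafe to interpret."""

def parse_signature_header(blob):
    """Return validated signature-header entries as {tag: raw bytes}."""
    if len(blob) < LEAD_SIZE + 16 or blob[:4] != LEAD_MAGIC:
        raise HeaderError("not an RPM lead")
    hdr = blob[LEAD_SIZE:]
    if hdr[:4] != HEADER_MAGIC:
        raise HeaderError("bad signature header magic")
    nindex, hsize = struct.unpack(">II", hdr[8:16])   # bytes 4..8 are reserved
    if nindex == 0 or nindex > MAX_ENTRIES or hsize > MAX_DATA:
        raise HeaderError("index count or data size out of range")
    index_end = 16 + nindex * ENTRY_SIZE
    if len(hdr) < index_end + hsize:
        raise HeaderError("header truncated")
    data = hdr[index_end:index_end + hsize]
    entries = {}
    for i in range(nindex):
        raw = hdr[16 + i * ENTRY_SIZE:16 + (i + 1) * ENTRY_SIZE]
        tag, typ, off, count = struct.unpack(">iIiI", raw)
        if typ not in TYPE_INFO or count == 0 or off < 0 or off >= hsize:
            raise HeaderError(f"entry {i}: bad type, offset or count")
        size, align = TYPE_INFO[typ]
        if off % align:
            raise HeaderError(f"entry {i}: offset {off} not aligned to {align}")
        if size is not None:
            end = off + size * count
            if end > hsize:
                raise HeaderError(f"entry {i}: {count} x {size} bytes at {off} overruns data region")
        else:
            if typ == 6 and count != 1:
                raise HeaderError(f"entry {i}: STRING must have count 1")
            end = off
            for _ in range(count):
                nul = data.find(b"\x00", end)
                if nul < 0:
                    raise HeaderError(f"entry {i}: unterminated string")
                end = nul + 1
        entries[tag] = data[off:end]
    return entries

def is_rejected(blob):
    """True if parse_signature_header refuses the blob."""
    try:
        parse_signature_header(blob)
    except HeaderError:
        return True
    return False

def build_rpm_prefix(index_entries, data):
    """Assemble lead + signature header from raw (tag, type, offset, count)
    tuples. Deliberately unchecked so that crafted headers can be built."""
    lead = LEAD_MAGIC + bytes(LEAD_SIZE - 4)
    index = b"".join(struct.pack(">iIiI", *entry) for entry in index_entries)
    hdr = HEADER_MAGIC + bytes(4) + struct.pack(">II", len(index_entries), len(data))
    return lead + hdr + index + data
```

The point of the order of operations is that these checks run before any tag (the size, digest or signature entries) is looked at: a signature that eventually fails to verify does not help if the reader has already read past the data region while locating it. Structural validity says nothing about authenticity; the OpenPGP signature still has to be verified against a trusted key afterwards.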

Common Weakness Enumeration (CWE): CWE-345: Insufficient Verification of Data Authenticity

CWE Description: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20271 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3443: A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled…

Published: 2021-03-25T19:15:00 Last Modified: 2021-03-30T16:52:00

Summary

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3443 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3446: A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms…

Published: 2021-03-25T19:15:00 Last Modified: 2021-03-26T18:01:00

Summary

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
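
What returning the initial IV instead of the last one does to a chained encryption, as an added example in Python that is not libtpms or OpenSSL code. A small Feistel network keyed with SHA-256 stands in for the real block cipher (it is a toy; only the CBC chaining around it matters), and the stream is encrypted in several calls the way a caller of a chained encrypt API feeds the IV returned by one call into the next.

```python
"""Effect of returning the initial IV instead of the last one (CVE-2021-3446 pattern).

Added example, not libtpms or OpenSSL code. The block cipher is a toy
4-round Feistel network keyed with SHA-256, standing in for AES; what
matters is the CBC chaining around it and the IV handed back to the caller.
"""
import hashlib

BLOCK = 16
HALF = BLOCK // 2

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, half, i):
    """Toy round function: keyed SHA-256 truncated to one half block."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:HALF]

def block_encrypt(key, block):
    l, r = block[:HALF], block[HALF:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, r, i))
    return r + l          # final swap so decryption can run the same rounds backwards

def block_decrypt(key, block):
    r, l = block[:HALF], block[HALF:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, l, i)), l
    return l + r

def cbc_encrypt(key, iv, data):
    """CBC over whole blocks. Returns (ciphertext, iv_out) where iv_out is
    the last ciphertext block, the value the next call must chain from."""
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks")
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out), prev

def cbc_encrypt_buggy(key, iv, data):
    """The flaw as the advisory describes it: the chain inside one call is
    right, but the caller gets the initial IV back instead of the last block."""
    ciphertext, _ = cbc_encrypt(key, iv, data)
    return ciphertext, iv

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, block), prev))
        prev = block
    return b"".join(out), prev

def encrypt_stream(encrypt_call, key, iv, chunks):
    """Encrypt chunks across several calls, feeding each call's returned IV
    into the next one, as a caller of a chained encrypt API does."""
    out, chain = [], iv
    for chunk in chunks:
        ciphertext, chain = encrypt_call(key, chain, chunk)
        out.append(ciphertext)
    return out
```

With the buggy return value every call after the first restarts CBC under the original IV: two equal chunks encrypt to identical ciphertext, which is the confidentiality loss the advisory refers to, and a peer that chains correctly decrypts the first block of each later chunk to garbage because it XORs with the previous ciphertext block rather than the reused IV.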

Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3446 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3466: A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function…

Published: 2021-03-25T19:15:00 Last Modified: 2021-12-15T14:38:00

Summary

A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3466 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-3409: The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU…

Published: 2021-03-23T21:15:00 Last Modified: 2021-05-07T05:15:00

Summary

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3409 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when…

Published: 2021-03-23T17:15:00 Last Modified: 2021-12-10T17:04:00

Summary

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the “exception” keyword.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20270 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-10196: A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent…

Published: 2021-03-19T20:15:00 Last Modified: 2021-03-25T19:21:00

Summary

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered that http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.

Common Weakness Enumeration (CWE): CWE-665: Improper Initialization

CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Scores

  • Impact Score: 8.5
  • Exploitability Score: 10.0
  • CVSS: 9.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-10196 vulnerability.

CVE-2021-3416: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in…

Published: 2021-03-18T20:15:00 Last Modified: 2022-01-04T16:38:00

Summary

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host, resulting in a DoS scenario.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3416 vulnerability.

CVE-2020-27827: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause…

Published: 2021-03-18T17:15:00 Last Modified: 2021-08-04T17:14:00

Summary

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 8.6
  • CVSS: 7.1
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-27827 vulnerability.

CVE-2021-20179: A flaw was found in pki-core. An attacker who has successfully compromised a key could use this…

Published: 2021-03-15T13:15:00 Last Modified: 2021-03-24T01:58:00

Summary

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.0
  • CVSS: 5.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20179 vulnerability.

CVE-2021-20231: A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead…

Published: 2021-03-12T19:15:00 Last Modified: 2021-06-01T14:07:00

Summary

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20231 vulnerability.

CVE-2021-20232: A flaw was found in gnutls. A use after free issue in client_send_params in…

Published: 2021-03-12T19:15:00 Last Modified: 2021-05-17T14:30:00

Summary

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20232 vulnerability.

CVE-2021-20244: A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted…

Published: 2021-03-09T19:15:00 Last Modified: 2021-03-25T18:45:00

Summary

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-369: Divide By Zero

CWE Description: The product divides a value by zero.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 8.6
  • CVSS: 7.1
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20244 vulnerability.

CVE-2021-20245: A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is…

Published: 2021-03-09T19:15:00 Last Modified: 2022-01-01T18:02:00

Summary

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-369: Divide By Zero

CWE Description: The product divides a value by zero.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 8.6
  • CVSS: 7.1
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20245 vulnerability.

CVE-2021-20246: A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file…

Published: 2021-03-09T19:15:00 Last Modified: 2021-03-25T18:46:00

Summary

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-369: Divide By Zero

CWE Description: The product divides a value by zero.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 8.6
  • CVSS: 7.1
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20246 vulnerability.

CVE-2020-25639: A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality…

Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:47:00

Summary

A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-25639 vulnerability.

CVE-2021-3404: In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-…

Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:22:00

Summary

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3404 vulnerability.

CVE-2021-3403: In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a…

Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:24:00

Summary

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3403 vulnerability.

CVE-2021-20225: A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20225 vulnerability.

CVE-2021-20233: A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters, which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20233 vulnerability.

CVE-2020-14372: A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-184: Incomplete List of Disallowed Inputs

CWE Description: The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 1.9
  • CVSS: 6.2
  • CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14372 vulnerability.

CVE-2020-25632: A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the…

Published: 2021-03-03T17:15:00 Last Modified: 2021-12-16T20:42:00

Summary

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-25632 vulnerability.

CVE-2020-25647: A flaw was found in grub2 in versions prior to 2.06. During USB device initialization,…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, and the code assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution, allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-25647 vulnerability.

CVE-2020-27749: A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-121: Stack-based Buffer Overflow

CWE Description: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-27749 vulnerability.

CVE-2020-27779: A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor Secure Boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent Secure Boot protections after proper triage of grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-285: Improper Authorization

CWE Description: The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.4
  • CVSS: 6.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-27779 vulnerability.

CVE-2021-20229: A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT…

Published: 2021-02-23T18:15:00 Last Modified: 2021-06-09T15:01:00

Summary

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20229 vulnerability.

CVE-2020-25657: A flaw was found in all released versions of m2crypto, where they are vulnerable to…

Published: 2021-01-12T15:15:00 Last Modified: 2021-04-07T14:58:00

Summary

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-25657 vulnerability.

CVE-2020-25678: A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in…

Published: 2021-01-08T18:15:00 Last Modified: 2021-05-28T19:42:00

Summary

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

Common Weakness Enumeration (CWE): CWE-312: Cleartext Storage of Sensitive Information

CWE Description: The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-25678 vulnerability.

CVE-2020-27846: A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to…

Published: 2020-12-21T16:15:00 Last Modified: 2021-03-31T15:17:00

Summary

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-115: Misinterpretation of Input

CWE Description: The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-27846 vulnerability.

CVE-2020-27781: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila,…

Published: 2020-12-18T21:15:00 Last Modified: 2021-06-03T18:40:00

Summary

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An OpenStack Manila user can request access to a share for an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done even to "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.

Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials

CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.9
  • CVSS: 3.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-27781 vulnerability.

CVE-2020-25660: A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before…

Published: 2020-11-23T22:15:00 Last Modified: 2021-05-28T19:43:00

Summary

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr2 protocol is used for all communication except with older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.

Common Weakness Enumeration (CWE): CWE-294: Authentication Bypass by Capture-replay

CWE Description: A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Scores

  • Impact Score: 6.4
  • Exploitability Score: 6.5
  • CVSS: 5.8
  • CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2020-25660 vulnerability.

CVE-2020-25658: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use…

Published: 2020-11-12T14:15:00 Last Modified: 2022-01-01T18:18:00

Summary

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the ciphertext encrypted with RSA.

Common Weakness Enumeration (CWE): CWE-385: Covert Timing Channel

CWE Description: Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-25658 vulnerability.

CVE-2020-25648: A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw…

Published: 2020-10-20T22:15:00 Last Modified: 2021-12-07T19:58:00

Summary

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling

CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-25648 vulnerability.

CVE-2020-14370: An information disclosure vulnerability was found in containers/podman in versions before 2.0.5….

Published: 2020-09-23T13:15:00 Last Modified: 2021-11-04T16:36:00

Summary

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

Common Weakness Enumeration (CWE): CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer

CWE Description: The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14370 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14382: A vulnerability was found in upstream release cryptsetup-2.2.0 where, there’s a bug in LUKS2…

Published: 2020-09-16T15:15:00 Last Modified: 2022-01-01T18:39:00

Summary

A vulnerability was found in upstream release cryptsetup-2.2.0, where there is a bug in the LUKS2 format validation code that is effectively invoked on every device/image presenting itself as a LUKS2 container. The bug is in the segments validation code in file ’lib/luks2/luks2_json_metadata.c’, in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj), where the code does not check for possible overflow in the memory allocation used for the intervals array (see the statement “intervals = malloc(first_backup * sizeof(*intervals));”). Due to the bug, the library can be tricked into believing the allocation succeeded while it received far less memory than expected. Later it may read data FROM an image crafted by an attacker and actually write such data BEYOND the allocated memory.
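The unchecked multiplication quoted above, modelled as an added example (illustrative Python, not cryptsetup’s code): a 64-bit size_t and a 16-byte interval struct are assumed, and CRAFTED_FIRST_BACKUP is a constructed segment count chosen so that the product wraps. The bytearray stands in for the heap; where C would keep writing past the allocation, the demo reports the overrun instead.

```python
# Added example, not cryptsetup code: models the unchecked product in
# "intervals = malloc(first_backup * sizeof(*intervals))" from the summary.
# A 64-bit size_t and a 16-byte interval struct are assumptions for illustration.

SIZE_T_MAX = (1 << 64) - 1
INTERVAL_SIZE = 16  # assumed sizeof(*intervals)

# A crafted header-supplied segment count: the product overflows size_t and
# wraps to exactly one interval's worth of bytes.
CRAFTED_FIRST_BACKUP = SIZE_T_MAX // INTERVAL_SIZE + 2


def unchecked_alloc_size(first_backup: int) -> int:
    """Size the vulnerable code hands to malloc(): the product wrapped to size_t."""
    return (first_backup * INTERVAL_SIZE) & SIZE_T_MAX


def checked_alloc_size(first_backup: int):
    """Hardened form: refuse any count whose product cannot fit in size_t."""
    if first_backup < 0 or first_backup > SIZE_T_MAX // INTERVAL_SIZE:
        return None
    return first_backup * INTERVAL_SIZE


def write_intervals(first_backup: int, size_fn, entries_to_write: int = 2) -> str:
    """Allocate the table with size_fn, then store one entry per declared segment.

    A bytearray stands in for the heap buffer. Only the first few entries are
    written so the demo stays fast; C would silently keep going past the end,
    here the overrun is reported instead.
    """
    size = size_fn(first_backup)
    if size is None:
        return "rejected"
    heap = bytearray(size)
    for i in range(min(first_backup, entries_to_write)):
        off = i * INTERVAL_SIZE
        if off + INTERVAL_SIZE > len(heap):
            return f"out-of-bounds write at offset {off} of {len(heap)}-byte buffer"
        heap[off:off + INTERVAL_SIZE] = i.to_bytes(8, "little") * 2
    return "ok"


if __name__ == "__main__":
    print("wrapped allocation size:", unchecked_alloc_size(CRAFTED_FIRST_BACKUP))
    print("benign count, unchecked:", write_intervals(3, unchecked_alloc_size))
    print("crafted count, unchecked:", write_intervals(CRAFTED_FIRST_BACKUP, unchecked_alloc_size))
    print("crafted count, checked:", write_intervals(CRAFTED_FIRST_BACKUP, checked_alloc_size))
```

The division-based check (count greater than SIZE_MAX divided by element size) is the portable form of the guard; calloc() or a checked-multiply helper achieves the same in C.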

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14382 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14364: An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions…

Published: 2020-08-31T18:15:00 Last Modified: 2020-11-11T06:15:00

Summary

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice ‘setup_len’ exceeds its ‘data_buf[4096]’ in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.4
  • CVSS: 4.4
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14364 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14352: A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was…

Published: 2020-08-30T15:15:00 Last Modified: 2020-11-09T14:28:00

Summary

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.
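An added example of the containment check that remote repository metadata needs before a file name is joined to the destination directory (illustrative Python, not librepo’s code; the function names and the SAMPLE_NAMES list are constructed for the demo). The check is lexical only: symlinks already present under the destination directory are a separate problem it does not address.

```python
# Added example, not librepo code: a lexical containment check for file paths
# taken from remote repository metadata. The metadata names below are
# constructed for the demo.
import posixpath


def resolve_under(dest_dir: str, remote_name: str) -> str:
    """Return dest_dir/remote_name if the name stays inside dest_dir, else raise.

    The check is purely lexical: it normalises "." and ".." segments and
    refuses absolute names and anything that climbs above dest_dir. Symlinks
    already present under dest_dir are a separate concern and are not handled.
    """
    if not remote_name or "\x00" in remote_name:
        raise ValueError("empty or NUL-containing name")
    if remote_name.startswith("/"):
        raise ValueError("absolute name in metadata")
    norm = posixpath.normpath(remote_name)
    if norm == ".." or norm.startswith("../") or norm == ".":
        raise ValueError("name escapes the destination directory")
    base = posixpath.normpath(dest_dir)
    target = posixpath.normpath(posixpath.join(base, norm))
    # commonpath raises on mixed absolute/relative input, hence the join above
    if posixpath.commonpath([base, target]) != base:
        raise ValueError("name escapes the destination directory")
    return target


def classify(dest_dir: str, names) -> dict:
    """Map each metadata name to its resolved path or to 'rejected: <reason>'."""
    out = {}
    for n in names:
        try:
            out[n] = resolve_under(dest_dir, n)
        except ValueError as e:
            out[n] = f"rejected: {e}"
    return out


# Constructed sample: entries a hostile repomd.xml might advertise.
SAMPLE_NAMES = [
    "repodata/primary.xml.gz",
    "repodata/./filelists.xml.gz",
    "repodata/../comps.xml",
    "../../../etc/cron.d/evil",
    "/etc/ld.so.preload",
    "repodata/a/../../../../root/.ssh/authorized_keys",
]

if __name__ == "__main__":
    for name, result in classify("/var/cache/dnf/repo", SAMPLE_NAMES).items():
        print(f"{name!r:55} -> {result}")
```

Normalising before comparing matters: "repodata/a/../../../../root/..." only reveals its intent once the ".." segments are collapsed, and a prefix check on the raw string would pass it.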

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 6.8
  • CVSS: 8.5
  • CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14352 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-15114: In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for…

Published: 2020-08-06T23:15:00 Last Modified: 2021-11-18T18:31:00

Summary

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

Common Weakness Enumeration (CWE): CWE-772: Missing Release of Resource after Effective Lifetime

CWE Description: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-15114 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-15136: In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to…

Published: 2020-08-06T23:15:00 Last Modified: 2021-11-18T18:31:00

Summary

In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.

Common Weakness Enumeration (CWE): CWE-306: Missing Authentication for Critical Function

CWE Description: The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-15136 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10730: A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in…

Published: 2020-07-07T14:15:00 Last Modified: 2021-04-02T16:15:00

Summary

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-10730 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10753: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is…

Published: 2020-06-26T15:15:00 Last Modified: 2021-10-26T20:13:00

Summary

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.

Common Weakness Enumeration (CWE): CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’)

CWE Description: The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-10753 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10757: A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge…

Published: 2020-06-09T13:15:00 Last Modified: 2021-07-21T11:39:00

Summary

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)

CWE Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.4
  • CVSS: 6.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10757 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10749: A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6,…

Published: 2020-06-03T14:15:00 Last Modified: 2021-05-05T13:57:00

Summary

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 6.8
  • CVSS: 6.0
  • CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-10749 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1695: A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x…

Published: 2020-05-19T15:15:00 Last Modified: 2022-01-01T17:33:00

Summary

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server’s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
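The header injection in this entry and in the Ceph RadosGW CORS ExposeHeader entry above have the same shape: a configured or request-derived value reaches a response header line without CR and LF being rejected. An added example (illustrative Python, not Ceph or RESTEasy code; the CORS lists are constructed) puts the naive builder next to one that only accepts RFC 7230 tokens, and shows how a client splits the naive output into two headers.

```python
# Added example, not Ceph or RESTEasy code: the naive and the strict way of
# turning a stored CORS ExposeHeader list into an Access-Control-Expose-Headers
# response header. The CORS configurations below are constructed for the demo.
import re

# RFC 7230 "token": the only characters permitted in a header field name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def naive_expose_headers(expose: list) -> bytes:
    """Vulnerable form: configured names are joined into the header line verbatim."""
    return ("Access-Control-Expose-Headers: " + ", ".join(expose) + "\r\n").encode("latin-1")


def strict_expose_headers(expose: list) -> bytes:
    """Hardened form: every entry must be a header-name token, so CR, LF, NUL,
    spaces and colons can never reach the wire inside a header line."""
    for name in expose:
        if not _TOKEN.fullmatch(name):
            raise ValueError(f"invalid header name in CORS ExposeHeader: {name!r}")
    return ("Access-Control-Expose-Headers: " + ", ".join(expose) + "\r\n").encode("latin-1")


def accepts(expose: list) -> bool:
    """True if the strict builder is willing to emit this configuration."""
    try:
        strict_expose_headers(expose)
        return True
    except ValueError:
        return False


def split_header_lines(raw: bytes) -> list:
    """How a client sees the bytes: each CRLF starts a new header."""
    return [line for line in raw.split(b"\r\n") if line]


# Constructed CORS configurations: the second list smuggles a newline into a rule.
CORS_EXPOSE_OK = ["ETag", "x-amz-request-id"]
CORS_EXPOSE_EVIL = ["ETag", "x-amz-request-id\r\nSet-Cookie: session=attacker"]

if __name__ == "__main__":
    print(split_header_lines(naive_expose_headers(CORS_EXPOSE_EVIL)))
    print("strict accepts evil config:", accepts(CORS_EXPOSE_EVIL))
```

Validating at configuration time (when the CORS rule is stored) is preferable to escaping at response time: a header name that is not a token has no legitimate encoding, so rejecting it is the only correct outcome.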

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1695 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1760: A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user…

Published: 2020-04-23T15:15:00 Last Modified: 2021-09-16T15:46:00

Summary

A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1760 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1730: A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR…

Published: 2020-04-13T19:15:00 Last Modified: 2021-09-14T13:39:00

Summary

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn’t been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1730 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1759: A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2…

Published: 2020-04-13T13:15:00 Last Modified: 2021-08-04T17:15:00

Summary

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2, where a nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol. This can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
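An added example of what nonce reuse costs under a counter-mode cipher (illustrative Python built on SHA-256 as the PRF, not Ceph’s msgr2 code; the key, nonce and messages are constructed). With one known plaintext, the second ciphertext under the same (key, nonce) falls out by XOR. GCM-style AEADs additionally leak the authentication subkey on nonce reuse, which is the tag-forgery half the summary refers to; the NonceTracker class shows the sender-side fix.

```python
# Added example, not Ceph code: a minimal counter-mode stream cipher built from
# SHA-256 as the PRF, used to show why a reused (key, nonce) pair breaks
# confidentiality. The key, nonce and messages are constructed for the demo.
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: block i = SHA256(key || nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR with the keystream; decryption is the same call."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def recover_with_known_plaintext(c1: bytes, p1: bytes, c2: bytes) -> bytes:
    """Attacker view: two ciphertexts under one (key, nonce) and one known
    plaintext. c1 ^ c2 == p1 ^ p2, so p2 = c1 ^ c2 ^ p1 for the overlapping bytes."""
    n = min(len(c1), len(c2), len(p1))
    return xor(xor(c1[:n], c2[:n]), p1[:n])


class NonceTracker:
    """The fix at the sender: never use a (key, nonce) pair twice."""

    def __init__(self, key: bytes):
        self.key = key
        self.used = set()

    def encrypt(self, nonce: bytes, plaintext: bytes) -> bytes:
        if nonce in self.used:
            raise RuntimeError("nonce reuse refused for this session key")
        self.used.add(nonce)
        return encrypt(self.key, nonce, plaintext)


def reuse_refused(key: bytes, nonce: bytes) -> bool:
    """True if the tracker blocks a second message under the same nonce."""
    tracker = NonceTracker(key)
    tracker.encrypt(nonce, b"first message")
    try:
        tracker.encrypt(nonce, b"second message")
        return False
    except RuntimeError:
        return True


# Constructed session material: a fixed key and a nonce that gets reused.
KEY = hashlib.sha256(b"demo session key").digest()
NONCE = b"\x00" * 12
MSG_KNOWN = b"osd_op: read object 42 from pool rbd   "
MSG_SECRET = b"auth: client key deadbeefcafef00d12345678"

if __name__ == "__main__":
    c_known = encrypt(KEY, NONCE, MSG_KNOWN)
    c_secret = encrypt(KEY, NONCE, MSG_SECRET)
    print("recovered:", recover_with_known_plaintext(c_known, MSG_KNOWN, c_secret))
    print("tracker refuses reuse:", reuse_refused(KEY, NONCE))
```

In a real protocol the nonce is normally a per-session counter carried in the frame, so the check degenerates to "the counter must strictly increase"; the set here only makes the property explicit.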

Common Weakness Enumeration (CWE): CWE-323: Reusing a Nonce, Key Pair in Encryption

CWE Description: Nonces should be used for the present occasion and only once.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1759 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-14905: A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8,…

Published: 2020-03-31T17:15:00 Last Modified: 2021-11-02T18:09:00

Summary

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, in Ansible’s nxos_file_copy module, which is used to copy files to a flash or bootflash on NXOS devices. A malicious user could craft the filename parameter to perform OS command injection. This could result in a loss of confidentiality of the system among other issues.

Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere

CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14905 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-10684: A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9…

Published: 2020-03-24T14:15:00 Last Modified: 2021-12-20T22:54:00

Summary

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.9
  • CVSS: 3.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10684 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1739: A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a…

Published: 2020-03-12T18:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior: when a password is set with the “password” argument of the svn module, it is passed on the svn command line, disclosing it to other users on the same node. An attacker could take advantage of this by reading the cmdline file of that particular PID in procfs.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.4
  • CVSS: 3.3
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1739 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-1733: A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and…

Published: 2020-03-11T19:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with “umask 77 && mkdir -p ”; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage of this to gain control of the become user, as the target directory can be retrieved by iterating ‘/proc//cmdline’.
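An added example (illustrative Python, not Ansible’s code; directory names are constructed and the parent is a fresh temporary directory) contrasting the mkdir -p behaviour described above, which accepts a pre-existing directory regardless of owner, with a creation routine that fails closed and then verifies owner and mode.

```python
# Added example, not Ansible code: the "umask 77 && mkdir -p" pattern on a
# shared /var/tmp path (succeeds when the directory already exists and belongs
# to someone else) next to a creation routine that fails closed.
# Directory names are constructed for the demo; the parent is a fresh temp dir.
import os
import stat
import tempfile


def mkdir_p_style(path: str) -> str:
    """What "mkdir -p" amounts to: silently accept an existing directory,
    whoever owns it and whatever its mode."""
    os.makedirs(path, mode=0o700, exist_ok=True)
    return path


def mkdir_private(path: str) -> str:
    """Fail-closed variant: create the directory atomically (EEXIST is an
    error), then verify with lstat that what we got is our own 0700 directory
    and not a symlink or a pre-planted directory."""
    os.mkdir(path, 0o700)          # raises FileExistsError if someone got there first
    os.chmod(path, 0o700)          # undo any permissive umask
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{path} is not a directory")
    if st.st_uid != os.geteuid():
        raise RuntimeError(f"{path} is owned by uid {st.st_uid}, not us")
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise RuntimeError(f"{path} is accessible to group/other")
    return path


def demo() -> dict:
    """Simulate the race: the target name already exists before we create it."""
    parent = tempfile.mkdtemp()
    planted = os.path.join(parent, "ansible-tmp-1583000000.12-345")
    os.mkdir(planted, 0o777)       # the attacker pre-created the name, world-accessible
    result = {"mkdir_p_reused_existing": mkdir_p_style(planted) == planted}
    try:
        mkdir_private(planted)
        result["mkdir_private_refused"] = False
    except FileExistsError:
        result["mkdir_private_refused"] = True
    fresh = os.path.join(parent, "ansible-tmp-1583000000.99-678")
    st = os.lstat(mkdir_private(fresh))
    result["fresh_dir_mode_is_0700"] = stat.S_IMODE(st.st_mode) == 0o700
    return result


if __name__ == "__main__":
    print(demo())
```

The lstat-after-mkdir checks are belt and braces: once mkdir() without exist_ok has succeeded the directory is ours, but verifying owner and mode catches a chown or chmod race on filesystems where the parent is itself writable by others.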

Common Weakness Enumeration (CWE): CWE-377: Insecure Temporary File

CWE Description: Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 1.9
  • CVSS: 3.7
  • CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1733 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2014-8089: SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before…

Published: 2020-02-17T22:15:00 Last Modified: 2020-02-20T15:04:00

Summary

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-8089 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-8945: The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as…

Published: 2020-02-12T18:15:00 Last Modified: 2020-07-24T03:15:00

Summary

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-8945 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-6402: Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87…

Published: 2020-02-11T15:15:00 Last Modified: 2021-09-16T13:16:00

Summary

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-6402 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2015-6815: The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process…

Published: 2020-01-31T22:15:00 Last Modified: 2021-11-30T19:50:00

Summary

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 5.1
  • CVSS: 2.7
  • CVSS Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2015-6815 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2011-4088: ABRT might allow attackers to obtain sensitive information from crash reports.

Published: 2020-01-31T17:15:00 Last Modified: 2020-02-05T19:01:00

Summary

ABRT might allow attackers to obtain sensitive information from crash reports.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-4088 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-20444: HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which…

Published: 2020-01-29T21:15:00 Last Modified: 2021-09-14T12:45:00

Summary

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an “invalid fold.”

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

CWE Description: When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-20444 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-20445: HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by…

Published: 2020-01-29T21:15:00 Last Modified: 2021-09-14T12:45:00

Summary

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

CWE Description: When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-20445 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding…

Published: 2020-01-27T17:15:00 Last Modified: 2021-05-27T16:21:00

Summary

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
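The three Netty entries above (CVE-2019-20444, CVE-2019-20445 and this one) are each a header shape that two parsers may read differently. An added example (illustrative Python, not Netty’s code; the header blocks are constructed) of a strict header-block parser that refuses all three: lines without a colon, lines starting with whitespace, a repeated Content-Length, and Content-Length alongside Transfer-Encoding.

```python
# Added example, not Netty code: a strict HTTP/1.1 header-block parser that
# rejects the ambiguous shapes named in CVE-2019-20444, CVE-2019-20445 and
# CVE-2020-7238. The header blocks below are constructed for the demo.
import re

# RFC 7230 "token": the only characters permitted in a header field name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


class SmugglingRisk(ValueError):
    """Raised for any header block two parsers might read differently."""


def parse_headers(block: bytes) -> dict:
    """Parse the header lines of one request (everything after the request line
    up to the blank line) into {lowercased-name: [values]}.

    Rejects: a line without a colon, a line starting with SP/HTAB (obsolete
    line folding, which also hides "[space]Transfer-Encoding:chunked"),
    whitespace between name and colon, a repeated Content-Length, and
    Content-Length combined with Transfer-Encoding.
    """
    headers = {}
    for raw in block.split(b"\r\n"):
        if raw == b"":
            break
        if raw[:1] in (b" ", b"\t"):
            raise SmugglingRisk(f"folded/indented header line: {raw!r}")
        name, sep, value = raw.partition(b":")
        if not sep:
            raise SmugglingRisk(f"header line without colon: {raw!r}")
        name = name.decode("latin-1")
        if not _TOKEN.fullmatch(name):
            raise SmugglingRisk(f"illegal header name: {name!r}")
        headers.setdefault(name.lower(), []).append(value.strip().decode("latin-1"))

    cl = headers.get("content-length", [])
    if len(cl) > 1:
        raise SmugglingRisk(f"multiple Content-Length headers: {cl}")
    if cl and "transfer-encoding" in headers:
        raise SmugglingRisk("Content-Length and Transfer-Encoding both present")
    if cl and not cl[0].isdigit():
        raise SmugglingRisk(f"non-numeric Content-Length: {cl[0]!r}")
    return headers


def verdict(block: bytes) -> str:
    """'ok' or the reason the block was refused."""
    try:
        parse_headers(block)
        return "ok"
    except SmugglingRisk as e:
        return f"refused: {e}"


# Constructed header blocks (the request line is omitted on purpose).
CLEAN = b"Host: api.example\r\nContent-Length: 5\r\n\r\n"
NO_COLON = b"Host: api.example\r\nContent-Length 5\r\n\r\n"                        # CVE-2019-20444
TWO_CL = b"Host: api.example\r\nContent-Length: 5\r\nContent-Length: 40\r\n\r\n"     # CVE-2019-20445
CL_AND_TE = b"Host: api.example\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"  # CVE-2019-20445
SPACE_TE = b"Host: api.example\r\n Transfer-Encoding:chunked\r\nContent-Length: 5\r\n\r\n"   # CVE-2020-7238

if __name__ == "__main__":
    for label, block in [("clean", CLEAN), ("no colon", NO_COLON), ("two CL", TWO_CL),
                         ("CL+TE", CL_AND_TE), ("space TE", SPACE_TE)]:
        print(f"{label:10} {verdict(block)}")
```

Refusing rather than "fixing up" is the point: RFC 7230 lets a server close the connection on any of these, and a front-end proxy and back-end server that each quietly pick a different interpretation is exactly the desynchronisation smuggling relies on.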

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

CWE Description: When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-7238 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-14907: All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an…

Published: 2020-01-21T18:15:00 Last Modified: 2021-05-29T13:15:00

Summary

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with “log level = 3” (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless.)

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 4.9
  • CVSS: 2.6
  • CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14907 vulnerability.

References

CVE-2020-6377: Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to…

Published: 2020-01-10T22:15:00 Last Modified: 2021-07-21T11:39:00

Summary

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-6377 vulnerability.

References

CVE-2012-4451: Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow…

Published: 2020-01-03T17:15:00 Last Modified: 2020-01-14T18:51:00

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-4451 vulnerability.

References

CVE-2012-5474: The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS…

Published: 2019-12-30T20:15:00 Last Modified: 2021-03-09T14:45:00

Summary

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.

Common Weakness Enumeration (CWE): CWE-311: Missing Encryption of Sensitive Data

CWE Description: The software does not encrypt sensitive or critical information before storage or transmission.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-5474 vulnerability.

References

CVE-2019-16775: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible…

Published: 2019-12-13T01:15:00 Last Modified: 2021-10-20T11:15:00

Summary

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user’s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Common Weakness Enumeration (CWE): CWE-61: UNIX Symbolic Link (Symlink) Following

CWE Description: The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16775 vulnerability.

References

CVE-2019-16776: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to…

Published: 2019-12-13T01:15:00 Last Modified: 2020-10-07T16:49:00

Summary

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user’s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.0
  • CVSS: 5.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16776 vulnerability.

References

CVE-2019-16777: Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails…

Published: 2019-12-13T01:15:00 Last Modified: 2020-10-09T13:36:00

Summary

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management

CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.0
  • CVSS: 5.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16777 vulnerability.

References

CVE-2019-13730: Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to…

Published: 2019-12-10T22:15:00 Last Modified: 2022-01-01T20:07:00

Summary

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)

CWE Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-13730 vulnerability.

References

CVE-2013-2166: python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

Published: 2019-12-10T15:15:00 Last Modified: 2020-08-18T15:05:00

Summary

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass.

Common Weakness Enumeration (CWE): CWE-326: Inadequate Encryption Strength

CWE Description: The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-2166 vulnerability.

References

CVE-2019-19334: In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way…

Published: 2019-12-06T16:15:00 Last Modified: 2019-12-18T18:15:00

Summary

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type “identityref”. An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-19334 vulnerability.

References

CVE-2019-5544: OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has…

Published: 2019-12-06T16:15:00 Last Modified: 2022-02-03T19:50:00

Summary

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5544 vulnerability.

References

CVE-2013-4235: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Published: 2019-12-03T15:15:00 Last Modified: 2021-02-25T17:15:00

Summary

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.4
  • CVSS: 3.3
  • CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2013-4235 vulnerability.

References

CVE-2019-18660: The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB…

Published: 2019-11-27T23:15:00 Last Modified: 2020-01-28T19:47:00

Summary

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.4
  • CVSS: 1.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-18660 vulnerability.

References

CVE-2016-4980: A password generation weakness exists in xquest through 2016-06-13.

Published: 2019-11-27T16:15:00 Last Modified: 2020-01-09T21:15:00

Summary

A password generation weakness exists in xquest through 2016-06-13.

Common Weakness Enumeration (CWE): CWE-330: Use of Insufficiently Random Values

CWE Description: The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.4
  • CVSS: 1.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-4980 vulnerability.

References

CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32,…

Published: 2019-11-27T09:15:00 Last Modified: 2020-01-03T11:15:00

Summary

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14896 vulnerability.

References

CVE-2012-5644: libuser has information disclosure when moving user’s home directory

Published: 2019-11-25T15:15:00 Last Modified: 2020-08-18T15:05:00

Summary

libuser has information disclosure when moving user’s home directory.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: COMPLETE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-5644 vulnerability.

References

CVE-2019-13723: Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker…

Published: 2019-11-25T15:15:00 Last Modified: 2020-08-24T17:37:00

Summary

Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-13723 vulnerability.

References

CVE-2012-5630: libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and…

Published: 2019-11-25T14:15:00 Last Modified: 2019-12-04T15:43:00

Summary

libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.4
  • CVSS: 3.3
  • CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-5630 vulnerability.

References

CVE-2019-14891: A flaw was found in cri-o, as a result of all pod-related processes being placed in the same…

Published: 2019-11-25T11:15:00 Last Modified: 2020-02-28T18:10:00

Summary

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on a cri-o host.

Common Weakness Enumeration (CWE): CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE Description: The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 6.8
  • CVSS: 6.0
  • CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14891 vulnerability.

References

CVE-2019-11287: Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for…

Published: 2019-11-23T00:15:00 Last Modified: 2021-08-04T17:15:00

Summary

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The “X-Reason” HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

Common Weakness Enumeration (CWE): CWE-134: Use of Externally-Controlled Format String

CWE Description: The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-11287 vulnerability.

References

CVE-2015-7810: libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

Published: 2019-11-22T15:15:00 Last Modified: 2020-08-18T15:05:00

Summary

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files.

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.4
  • CVSS: 3.3
  • CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2015-7810 vulnerability.

References

CVE-2013-1817: MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which…

Published: 2019-11-20T20:15:00 Last Modified: 2019-11-21T14:54:00

Summary

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-1817 vulnerability.

References

CVE-2013-1816: MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of…

Published: 2019-11-20T20:15:00 Last Modified: 2019-11-21T14:58:00

Summary

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-1816 vulnerability.

References

CVE-2012-6136: tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill…

Published: 2019-11-20T15:15:00 Last Modified: 2020-08-18T15:05:00

Summary

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions

CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-6136 vulnerability.

References

CVE-2014-5118: Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

Published: 2019-11-18T23:15:00 Last Modified: 2020-01-10T14:15:00

Summary

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2014-5118 vulnerability.

References

CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux…

Published: 2019-11-18T06:15:00 Last Modified: 2021-06-14T18:15:00

Summary

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.4
  • CVSS: 4.7
  • CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-19066 vulnerability.

References

CVE-2019-19072: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the…

Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00

Summary

A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-19072 vulnerability.

References

CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel…

Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00

Summary

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.4
  • CVSS: 4.7
  • CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-19062 vulnerability.

References

CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in…

Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00

Summary

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-19068 vulnerability.

References

CVE-2019-19012: An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before…

Published: 2019-11-17T18:15:00 Last Modified: 2020-08-24T17:37:00

Summary

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-19012 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2011-2726: An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the…

Published: 2019-11-15T17:15:00 Last Modified: 2019-12-03T19:49:00

Summary

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-2726 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-12207: Improper invalidation for page table updates by a virtual guest operating system for multiple…

Published: 2019-11-14T20:15:00 Last Modified: 2020-07-15T03:15:00

Summary

Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-12207 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-14818: A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before…

Published: 2019-11-14T17:15:00 Last Modified: 2021-11-02T18:28:00

Summary

A flaw was found in all DPDK versions 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to the vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak that also leaks file descriptors. This flaw could lead to a denial of service condition.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14818 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2012-1156: Moodle before 2.2.2 has users’ private files included in course backups

Published: 2019-11-14T16:15:00 Last Modified: 2019-11-22T18:41:00

Summary

Moodle before 2.2.2 includes users' private files in course backups.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-1156 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2012-1168: Moodle before 2.2.2 has a password and web services issue where when the user profile is updated…

Published: 2019-11-14T16:15:00 Last Modified: 2019-11-22T18:32:00

Summary

Moodle before 2.2.2 has a password and web services issue: when a user profile is updated and no password is specified, the user's password is reset.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-1168 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2012-1155: Moodle has a database activity export permission issue where the export function of the database…

Published: 2019-11-14T16:15:00 Last Modified: 2019-11-22T18:44:00

Summary

Moodle has a database activity export permission issue: the export function of the database activity module exports all entries, including those from groups the user does not belong to.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-1155 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2010-4661: udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

Published: 2019-11-13T21:15:00 Last Modified: 2019-11-18T19:30:00

Summary

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

Common Weakness Enumeration (CWE): CWE-434: Unrestricted Upload of File with Dangerous Type

CWE Description: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2010-4661 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2013-1820: tuned before 2.x allows local users to kill running processes due to insecure permissions with…

Published: 2019-11-08T15:15:00 Last Modified: 2019-11-14T15:43:00

Summary

tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned’s ktune service.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.4
  • CVSS: 4.7
  • CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2013-1820 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-10222: A flaw was found in the Ceph RGW configuration with Beast as the front end handling client…

Published: 2019-11-08T15:15:00 Last Modified: 2020-12-04T18:15:00

Summary

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Common Weakness Enumeration (CWE): CWE-755: Improper Handling of Exceptional Conditions

CWE Description: The software does not handle or incorrectly handles an exceptional condition.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-10222 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-18811: A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux…

Published: 2019-11-07T16:15:00 Last Modified: 2020-08-24T17:37:00

Summary

A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-18811 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat
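Three kernel entries above (CVE-2019-19062 in crypto_report(), CVE-2019-19068 in rtl8xxxu_submit_int_urb(), CVE-2019-18811 in sof_set_get_large_ctrl_data()) describe the same CWE-401 shape: a buffer is allocated, a later call fails, and the error return skips the release. The user-space model below is an added example, not kernel code; it shows the leaky shape next to the single-exit-path fix kernel reviewers ask for, and counts how many buffers a caller who can provoke the failure leaves behind. `leaky_report`, `fixed_report`, `fake_send` and the allocation counter are this example's own names.

```c
#include <stdlib.h>
#include <string.h>

static int live_allocs;  /* buffers currently allocated (the kmemleak view) */

static void *tracked_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void  tracked_free(void *p)   { if (p) { live_allocs--; free(p); } }

/* Stand-in for the call that can fail (crypto_report_alg, usb_submit_urb,
 * sof_get_ctrl_copy_params in the entries above). */
static int fake_send(const char *buf, int fail) { (void)buf; return fail ? -1 : 0; }

/* Vulnerable shape: allocate, fail later, return without releasing. */
int leaky_report(int fail)
{
    char *skb = tracked_alloc(256);
    if (!skb) return -1;                 /* -ENOMEM, nothing to release yet */
    memset(skb, 0, 256);
    if (fake_send(skb, fail) < 0)
        return -1;                       /* BUG: skb is leaked on this path */
    tracked_free(skb);
    return 0;
}

/* Fixed shape: one exit path owns the cleanup (kernel-style goto out). */
int fixed_report(int fail)
{
    int err = 0;
    char *skb = tracked_alloc(256);
    if (!skb) return -1;
    memset(skb, 0, 256);
    if (fake_send(skb, fail) < 0) {
        err = -1;
        goto out;
    }
out:
    tracked_free(skb);                   /* released on success and failure */
    return err;
}

/* Drive fn() through its failure path n times and return how many
 * buffers it left allocated: the memory-consumption DoS the entries
 * describe is this number growing without bound. */
int leaked_after(int (*fn)(int), int n)
{
    int before = live_allocs;
    for (int k = 0; k < n; k++) fn(1);
    return live_allocs - before;
}
```

The same pattern covers the DPDK entry (CVE-2019-14818): there the resource that escapes on the error path is a file descriptor rather than a heap buffer, but the fix is the same single-exit release.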

CVE-2016-1000037: Pagure: XSS possible in file attachment endpoint

Published: 2019-11-06T19:15:00 Last Modified: 2019-11-08T17:43:00

Summary

Pagure: XSS possible in file attachment endpoint

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-1000037 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2013-5123: The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and…

Published: 2019-11-05T22:15:00 Last Modified: 2019-11-12T19:51:00

Summary

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks, which allows attackers to perform man-in-the-middle attacks.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing against the CVE-2013-5123 vulnerability is listed.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2013-4409: An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review…

Published: 2019-11-04T21:15:00 Last Modified: 2019-11-08T21:34:00

Summary

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4409 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2015-8980: The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote…

Published: 2019-11-04T21:15:00 Last Modified: 2019-11-06T14:30:00

Summary

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-8980 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2013-4251: The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

Published: 2019-11-04T20:15:00 Last Modified: 2019-11-08T18:51:00

Summary

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management

CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2013-4251 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2013-4751: php-symfony2-Validator has loss of information during serialization

Published: 2019-11-01T13:15:00 Last Modified: 2019-11-06T15:53:00

Summary

php-symfony2-Validator has loss of information during serialization

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 6.8
  • CVSS: 4.9
  • CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4751 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-17596: Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic…

Published: 2019-10-24T22:15:00 Last Modified: 2021-11-30T19:42:00

Summary

Go before 1.12.11 and 1.13.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Common Weakness Enumeration (CWE): CWE-436: Interpretation Conflict

CWE Description: Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-17596 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2019-15166: lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

Published: 2019-10-03T17:15:00 Last Modified: 2021-09-23T20:15:00

Summary

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-15166 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14462: The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14462 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14463: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14463 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14469: The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14469 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14461: The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14461 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14467: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14467 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14465: The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14465 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14468: The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14468 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14882: The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14882 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14881: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14881 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14470: The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14470 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14464: The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14464 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14466: The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14466 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14879: The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14879 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-14880: The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14880 vulnerability.

References

CVE-2018-16227: The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16227 vulnerability.

References

CVE-2018-16229: The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16229 vulnerability.

References

CVE-2018-16451: The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16451 vulnerability.

References

CVE-2018-16228: The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16228 vulnerability.

References

CVE-2018-16230: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16230 vulnerability.

References

CVE-2019-16942: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10….

Published: 2019-10-01T17:15:00 Last Modified: 2021-07-20T23:15:00

Summary

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16942 vulnerability.

References

CVE-2019-16943: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10….

Published: 2019-10-01T17:15:00 Last Modified: 2021-07-20T23:15:00

Summary

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16943 vulnerability.

References

CVE-2019-16276: Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Published: 2019-09-30T19:15:00 Last Modified: 2021-03-22T13:19:00

Summary

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

CWE Description: When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16276 vulnerability.

References

CVE-2019-10092: In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting…

Published: 2019-09-26T16:15:00 Last Modified: 2021-09-09T01:05:00

Summary

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on the CVE-2019-10092 vulnerability.

References

CVE-2019-14821: An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way…

Published: 2019-09-19T18:15:00 Last Modified: 2021-06-02T15:22:00

Summary

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel’s KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer ‘struct kvm_coalesced_mmio’ object, wherein write indices ‘ring->first’ and ‘ring->last’ value could be supplied by a host user-space process. An unprivileged host user or process with access to ‘/dev/kvm’ device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14821 vulnerability.

References

CVE-2019-14835: A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel’s…

Published: 2019-09-17T16:15:00 Last Modified: 2021-06-02T15:44:00

Summary

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel’s vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host while migration is underway could use this flaw to increase their privileges on the host.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14835 vulnerability.

References

CVE-2019-14540: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is…

Published: 2019-09-15T22:15:00 Last Modified: 2021-02-22T21:38:00

Summary

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14540 vulnerability.

References

CVE-2019-16335: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is…

Published: 2019-09-15T22:15:00 Last Modified: 2021-02-22T21:42:00

Summary

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16335 vulnerability.

References

CVE-2019-9854: LibreOffice has a feature where documents can specify that pre-installed macros can be executed…

Published: 2019-09-06T19:15:00 Last Modified: 2020-08-24T17:37:00

Summary

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open, etc. Access is intended to be restricted to scripts under the share/Scripts/python and user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However, this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed-in path, as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9854 vulnerability.

References

CVE-2019-14813: A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where…

Published: 2019-09-06T14:15:00 Last Modified: 2020-10-16T13:20:00

Summary

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14813 vulnerability.

References

CVE-2019-14811: A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure…

Published: 2019-09-03T16:15:00 Last Modified: 2020-10-16T13:21:00

Summary

A flaw was found in ghostscript, versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14811 vulnerability.

References

CVE-2019-14817: A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other…

Published: 2019-09-03T16:15:00 Last Modified: 2020-10-16T13:21:00

Summary

A flaw was found in ghostscript, versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14817 vulnerability.

References

CVE-2019-10086: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows…

Published: 2019-08-20T21:15:00 Last Modified: 2022-02-07T16:15:00

Summary

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, this was not used by default in PropertyUtilsBean.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-10086 vulnerability.

References

CVE-2019-9513: Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of…

Published: 2019-08-13T21:15:00 Last Modified: 2021-01-30T02:36:00

Summary

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 10.0
  • CVSS: 7.8
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9513 vulnerability.

References

CVE-2019-9515: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial…

Published: 2019-08-13T21:15:00 Last Modified: 2020-10-22T17:22:00

Summary

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling

CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 10.0
  • CVSS: 7.8
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9515 vulnerability.

References