RSS   Podatności dla 'Enterprise mrg'   RSS

2020-12-11
 
CVE-2020-27825

CWE-362
 

 
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.

 
 
CVE-2020-27786

CWE-416
 

 
A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.

 
2020-09-09
 
CVE-2020-1749

CWE-319
 

 
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

 
2020-05-12
 
CVE-2020-12826

CWE-190
 

 
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.

 
2020-05-08
 
CVE-2019-14898

CWE-667
 

 
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.

 
2020-02-19
 
CVE-2012-6685

CWE-776
 

 
Nokogiri before 1.5.4 is vulnerable to XXE attacks

 
2019-11-21
 
CVE-2012-3460

CWE-20
 

 
cumin: At installation postgresql database user created without password

 
2019-11-06
 
CVE-2014-8181

CWE-665
 

 
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

 
2019-11-05
 
CVE-2013-6461

CWE-776
 

 
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

 
 
CVE-2013-6460

CWE-776
 

 
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

 


Copyright 2021, cxsecurity.com

 

Back to Top