Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3528 | 1 Redhat | 1 Noobaa-operator | 2021-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration. | |||||
| CVE-2019-19070 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-06-02 | 7.8 HIGH | 7.5 HIGH |
| ** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began. | |||||
| CVE-2019-8912 | 4 Canonical, Linux, Opensuse and 1 more | 4 Ubuntu Linux, Linux Kernel, Leap and 1 more | 2021-06-02 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. | |||||
| CVE-2021-20236 | 3 Fedoraproject, Redhat, Zeromq | 4 Fedora, Ceph Storage, Enterprise Linux and 1 more | 2021-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2019-8980 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2021-06-02 | 7.8 HIGH | 7.5 HIGH |
| A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. | |||||
| CVE-2020-29534 | 1 Linux | 1 Linux Kernel | 2021-06-02 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94. | |||||
| CVE-2019-9003 | 4 Canonical, Linux, Netapp and 1 more | 8 Ubuntu Linux, Linux Kernel, Cn1610 and 5 more | 2021-06-02 | 7.8 HIGH | 7.5 HIGH |
| In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. | |||||
| CVE-2021-20239 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2021-06-02 | 2.1 LOW | 3.3 LOW |
| A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2018-20784 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2021-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. | |||||
| CVE-2019-10125 | 2 Linux, Netapp | 7 Linux Kernel, Active Iq Unified Manager, Cn1610 and 4 more | 2021-06-02 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. | |||||
| CVE-2019-14821 | 8 Canonical, Debian, Fedoraproject and 5 more | 38 Ubuntu Linux, Debian Linux, Fedora and 35 more | 2021-06-02 | 7.2 HIGH | 8.8 HIGH |
| An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. | |||||
| CVE-2019-15538 | 6 Canonical, Debian, Fedoraproject and 3 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2021-06-02 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. | |||||
| CVE-2019-12615 | 2 Linux, Netapp | 10 Linux Kernel, Active Iq Unified Manager, Aff A700s and 7 more | 2021-06-02 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). | |||||
| CVE-2021-20240 | 2 Fedoraproject, Gnome | 2 Fedora, Gdk-pixbuf | 2021-06-02 | 8.3 HIGH | 8.8 HIGH |
| A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-20278 | 1 Kiali | 1 Kiali | 2021-06-02 | 5.8 MEDIUM | 6.5 MEDIUM |
| An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication. | |||||
| CVE-2020-36244 | 1 Genivi | 1 Diagnostic Log And Trace | 2021-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6). | |||||
| CVE-2021-27850 | 1 Apache | 1 Tapestry | 2021-06-02 | 10.0 HIGH | 9.8 CRITICAL |
| A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later. | |||||
| CVE-2021-26296 | 2 Apache, Netapp | 2 Myfaces, Oncommand Insight | 2021-06-02 | 5.1 MEDIUM | 7.5 HIGH |
| In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application. | |||||
| CVE-2021-21201 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-06-02 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21199 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-06-02 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-22716 | 1 Schneider-electric | 1 C-bus Toolkit | 2021-06-02 | 4.6 MEDIUM | 7.8 HIGH |
| A CWE-269: Improper Privilege Management vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when an unprivileged user modifies a file. | |||||
| CVE-2021-22717 | 1 Schneider-electric | 1 C-bus Toolkit | 2021-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files. | |||||
| CVE-2021-22718 | 1 Schneider-electric | 1 C-bus Toolkit | 2021-06-02 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring project files. | |||||
| CVE-2021-22719 | 1 Schneider-electric | 1 C-bus Toolkit | 2021-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded. | |||||
| CVE-2021-24187 | 1 Clogica | 1 Seo Redirection | 2021-06-02 | 3.5 LOW | 5.4 MEDIUM |
| The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute. | |||||
| CVE-2013-4161 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2021-06-02 | 7.2 HIGH | 7.8 HIGH |
| gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. | |||||
| CVE-2012-5617 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2021-06-02 | 7.2 HIGH | 7.8 HIGH |
| gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation | |||||
| CVE-2020-14814 | 1 Oracle | 1 Mysql | 2021-06-02 | 6.8 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-14785 | 3 Fedoraproject, Netapp, Oracle | 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more | 2021-06-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2021-1870 | 3 Apple, Fedoraproject, Webkitgtk | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-1801 | 3 Apple, Fedoraproject, Webkitgtk | 7 Ipad Os, Iphone Os, Macos and 4 more | 2021-06-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. | |||||
| CVE-2021-1799 | 3 Apple, Fedoraproject, Webkitgtk | 8 Ipad Os, Iphone Os, Macos and 5 more | 2021-06-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. | |||||
| CVE-2021-1789 | 3 Apple, Fedoraproject, Webkitgtk | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2021-06-02 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-1765 | 3 Apple, Fedoraproject, Webkitgtk | 4 Mac Os X, Macos, Fedora and 1 more | 2021-06-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. | |||||
| CVE-2020-29623 | 3 Apple, Fedoraproject, Webkitgtk | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2021-06-02 | 2.1 LOW | 3.3 LOW |
| "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. | |||||
| CVE-2021-26940 | 2021-06-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-33500. Reason: This candidate is a reservation duplicate of CVE-2021-33500. Notes: All CVE users should reference CVE-2021-33500 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-20291 | 3 Fedoraproject, Redhat, Storage Project | 4 Fedora, Enterprise Linux, Openshift Container Platform and 1 more | 2021-06-02 | 7.1 HIGH | 6.5 MEDIUM |
| A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS). | |||||
| CVE-2021-29252 | 1 Rsa | 1 Archer | 2021-06-01 | 3.5 LOW | 5.4 MEDIUM |
| RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with access to modify link name fields could potentially exploit this vulnerability to execute code in a victim's browser. | |||||
| CVE-2021-20727 | 1 Zettlr | 1 Zettlr | 2021-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr. | |||||
| CVE-2021-3486 | 1 Glpi-project | 1 Glpi | 2021-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code. | |||||
| CVE-2020-36308 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2021-06-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. | |||||
| CVE-2020-36307 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2021-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | |||||
| CVE-2020-36306 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2021-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | |||||
| CVE-2019-25026 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2021-06-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. | |||||
| CVE-2021-21204 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Mac Os X, Debian Linux, Fedora and 1 more | 2021-06-01 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21203 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-06-01 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21202 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-06-01 | 6.8 MEDIUM | 8.6 HIGH |
| Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-35314 | 1 Wondercms | 1 Wondercms | 2021-06-01 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | |||||
| CVE-2021-21197 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-06-01 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21196 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2021-06-01 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||