2019-08-30
|
CVE-2019-12402
|
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
|
Commons_compress, Fedora, Banking_payments, Banking_platform, Communications_element_manager, Communications_ip_service_activator, Communications_session_report_manager, Communications_session_route_manager, Customer_management_and_segmentation_foundation, Essbase, Flexcube_investor_servicing, Flexcube_private_banking, Hyperion_infrastructure_technology, Jdeveloper, Peoplesoft_enterprise_pt_peopletools, Primavera_gateway, Retail_integration_bus, Retail_xstore_point_of_service, Webcenter_portal
|
7.5
|
|
|
2020-06-06
|
CVE-2020-13871
|
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
|
Debian_linux, Fedora, Cloud_backup, Ontap_select_deploy_administration_utility, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql_workbench, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite
|
7.5
|
|
|
2020-05-27
|
CVE-2020-13630
|
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
|
Icloud, Ipados, Iphone_os, Itunes, Macos, Tvos, Watchos, Fabric_operating_system, Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Communications_network_charging_and_control, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite
|
7.0
|
|
|
2020-05-27
|
CVE-2020-13631
|
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
|
Icloud, Ipados, Iphone_os, Itunes, Macos, Tvos, Watchos, Fabric_operating_system, Ubuntu_linux, Fedora, Cloud_backup, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Communications_network_charging_and_control, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite
|
5.5
|
|
|
2020-05-27
|
CVE-2020-13632
|
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
|
Fabric_operating_system, Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Communications_network_charging_and_control, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite
|
5.5
|
|
|
2020-12-14
|
CVE-2020-8284
|
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
|
Mac_os_x, Macos, Debian_linux, Fedora, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Curl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node, Solidfire, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Essbase, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services
|
3.7
|
|
|
2020-12-14
|
CVE-2020-8285
|
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
|
Mac_os_x, Macos, Debian_linux, Fedora, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Libcurl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node_firmware, Solidfire, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Essbase, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services
|
7.5
|
|
|
2020-12-14
|
CVE-2020-8286
|
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
|
Mac_os_x, Macos, Debian_linux, Fedora, Libcurl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node_firmware, Solidfire, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Essbase, Peoplesoft_enterprise_peopletools, Simatic_tim_1531_irc_firmware, Sinec_infrastructure_network_services
|
7.5
|
|
|
2021-03-03
|
CVE-2020-27749
|
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot...
|
Fedora, Grub2, Ontap_select_deploy_administration_utility, Enterprise_linux, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
|
6.7
|
|
|
2021-03-03
|
CVE-2020-25632
|
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
Fedora, Grub2, Ontap_select_deploy_administration_utility, Enterprise_linux, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
|
8.2
|
|
|