|
2019-11-14
|
CVE-2019-11135
|
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
|
Ubuntu_linux, Debian_linux, Fedora, Apollo_2000_firmware, Apollo_4200_firmware, Proliant_bl460c_firmware, Proliant_dl120_firmware, Proliant_dl160_firmware, Proliant_dl180_firmware, Proliant_dl20_firmware, Proliant_dl360_firmware, Proliant_dl380_firmware, Proliant_dl560_firmware, Proliant_dl580_firmware, Proliant_e910_firmware, Proliant_ml110_firmware, Proliant_ml30_firmware, Proliant_ml350_firmware, Proliant_xl170r_firmware, Proliant_xl190r_firmware, Proliant_xl230k_firmware, Proliant_xl270d_firmware, Proliant_xl450_firmware, Synergy_480_firmware, Synergy_660_firmware, Celeron_5305u_firmware, Core_i5\-10110y_firmware, Core_i5\-10210u_firmware, Core_i5\-10210y_firmware, Core_i5\-10310y_firmware, Core_i5\-8200y_firmware, Core_i5\-8210y_firmware, Core_i5\-8265u_firmware, Core_i5\-8310y_firmware, Core_i5\-8365u_firmware, Core_i5\-9300h_firmware, Core_i5\-9400_firmware, Core_i5\-9400f_firmware, Core_i5\-9400h_firmware, Core_i5\-9600k_firmware, Core_i5\-9600kf_firmware, Core_i7\-10510u_firmware, Core_i7\-10510y_firmware, Core_i7\-8500y_firmware, Core_i7\-8565u_firmware, Core_i7\-8665u_firmware, Core_i7\-9700k_firmware, Core_i7\-9700kf_firmware, Core_i7\-9750hf_firmware, Core_i7\-9850h_firmware, Core_i9\-9880h_firmware, Core_i9\-9900k_firmware, Core_i9\-9900kf_firmware, Core_i9\-9980hk_firmware, Core_m3\-8100y_firmware, Pentium_6405u_firmware, Xeon_3204_firmware, Xeon_3206r_firmware, Xeon_4208_firmware, Xeon_4208r_firmware, Xeon_4209t_firmware, Xeon_4210_firmware, Xeon_4210r_firmware, Xeon_4214_firmware, Xeon_4214c_firmware, Xeon_4214r_firmware, Xeon_4214y_firmware, Xeon_4215_firmware, Xeon_4216_firmware, Xeon_4216r_firmware, Xeon_5215_firmware, Xeon_5215l_firmware, Xeon_5215m_firmware, Xeon_5215r_firmware, Xeon_5217_firmware, Xeon_5218_firmware, Xeon_5218b_firmware, Xeon_5218n_firmware, Xeon_5218t_firmware, Xeon_5220_firmware, Xeon_5220r_firmware, Xeon_5220s_firmware, Xeon_5220t_firmware, Xeon_5222_firmware, Xeon_6222v_firmware, Xeon_6226_firmware, Xeon_6230_firmware, Xeon_6230n_firmware, Xeon_6230t_firmware, Xeon_6234_firmware, Xeon_6238_firmware, Xeon_6238l_firmware, Xeon_6238m_firmware, Xeon_6238t_firmware, Xeon_6240_firmware, Xeon_6240l_firmware, Xeon_6240m_firmware, Xeon_6240y_firmware, Xeon_6242_firmware, Xeon_6244_firmware, Xeon_6246_firmware, Xeon_6248_firmware, Xeon_6252_firmware, Xeon_6252n_firmware, Xeon_6254_firmware, Xeon_6262v_firmware, Xeon_8253_firmware, Xeon_8256_firmware, Xeon_8260_firmware, Xeon_8260l_firmware, Xeon_8260m_firmware, Xeon_8260y_firmware, Xeon_8268_firmware, Xeon_8270_firmware, Xeon_8276_firmware, Xeon_8276l_firmware, Xeon_8276m_firmware, Xeon_8280_firmware, Xeon_8280l_firmware, Xeon_8280m_firmware, Xeon_9220_firmware, Xeon_9221_firmware, Xeon_9222_firmware, Xeon_9242_firmware, Xeon_9282_firmware, Xeon_e\-2278g_firmware, Xeon_e\-2278ge_firmware, Xeon_e\-2278gel_firmware, Xeon_e\-2286m_firmware, Xeon_e\-2288g_firmware, Xeon_w\-2223_firmware, Xeon_w\-2225_firmware, Xeon_w\-2235_firmware, Xeon_w\-2245_firmware, Xeon_w\-2255_firmware, Xeon_w\-2265_firmware, Xeon_w\-2275_firmware, Xeon_w\-2295_firmware, Xeon_w\-3223_firmware, Xeon_w\-3225_firmware, Xeon_w\-3235_firmware, Xeon_w\-3245_firmware, Xeon_w\-3245m_firmware, Xeon_w\-3265_firmware, Xeon_w\-3265m_firmware, Xeon_w\-3275_firmware, Xeon_w\-3275m_firmware, Leap, Zfs_storage_appliance_kit, Codeready_linux_builder, Codeready_linux_builder_eus, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_manager, Slackware
|
6.5
|
|
|
|
2020-07-13
|
CVE-2019-20907
|
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
|
Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, Leap, Zfs_storage_appliance_kit, Python
|
7.5
|
|
|
|
2020-08-07
|
CVE-2020-11984
|
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
|
Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Zfs_storage_appliance_kit
|
9.8
|
|
|
|
2020-06-25
|
CVE-2019-20892
|
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
|
Net\-Snmp, Zfs_storage_appliance_kit
|
6.5
|
|
|
|
2019-07-26
|
CVE-2019-13057
|
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB...
|
Mac_os_x, Ubuntu_linux, Debian_linux, Policy_auditor, Openldap, Leap, Blockchain_platform, Solaris, Zfs_storage_appliance_kit
|
4.9
|
|
|
|
2019-11-25
|
CVE-2019-14822
|
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
|
Ubuntu_linux, Ibus, Zfs_storage_appliance_kit, Enterprise_linux
|
7.1
|
|
|
|
2020-04-28
|
CVE-2020-12243
|
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
|
Mac_os_x, Brocade_fabric_operating_system, Ubuntu_linux, Debian_linux, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Steelstore_cloud_integrated_storage, Openldap, Leap, Solaris, Zfs_storage_appliance_kit
|
7.5
|
|
|
|
2020-04-09
|
CVE-2020-11655
|
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
|
Ubuntu_linux, Debian_linux, Ontap_select_deploy_administration_utility, Communications_element_manager, Communications_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Mysql, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite, Tenable\.sc
|
7.5
|
|
|
|
2020-04-09
|
CVE-2020-11656
|
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
|
Ontap_select_deploy_administration_utility, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite, Tenable\.sc
|
9.8
|
|
|
|
2019-02-12
|
CVE-2018-20781
|
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
|
Ubuntu_linux, Gnome_keyring, Zfs_storage_appliance_kit
|
7.8
|
|
|