|
2019-11-14
|
CVE-2019-11135
|
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
|
Ubuntu_linux, Debian_linux, Fedora, Apollo_2000_firmware, Apollo_4200_firmware, Proliant_bl460c_firmware, Proliant_dl120_firmware, Proliant_dl160_firmware, Proliant_dl180_firmware, Proliant_dl20_firmware, Proliant_dl360_firmware, Proliant_dl380_firmware, Proliant_dl560_firmware, Proliant_dl580_firmware, Proliant_e910_firmware, Proliant_ml110_firmware, Proliant_ml30_firmware, Proliant_ml350_firmware, Proliant_xl170r_firmware, Proliant_xl190r_firmware, Proliant_xl230k_firmware, Proliant_xl270d_firmware, Proliant_xl450_firmware, Synergy_480_firmware, Synergy_660_firmware, Celeron_5305u_firmware, Core_i5\-10110y_firmware, Core_i5\-10210u_firmware, Core_i5\-10210y_firmware, Core_i5\-10310y_firmware, Core_i5\-8200y_firmware, Core_i5\-8210y_firmware, Core_i5\-8265u_firmware, Core_i5\-8310y_firmware, Core_i5\-8365u_firmware, Core_i5\-9300h_firmware, Core_i5\-9400_firmware, Core_i5\-9400f_firmware, Core_i5\-9400h_firmware, Core_i5\-9600k_firmware, Core_i5\-9600kf_firmware, Core_i7\-10510u_firmware, Core_i7\-10510y_firmware, Core_i7\-8500y_firmware, Core_i7\-8565u_firmware, Core_i7\-8665u_firmware, Core_i7\-9700k_firmware, Core_i7\-9700kf_firmware, Core_i7\-9750hf_firmware, Core_i7\-9850h_firmware, Core_i9\-9880h_firmware, Core_i9\-9900k_firmware, Core_i9\-9900kf_firmware, Core_i9\-9980hk_firmware, Core_m3\-8100y_firmware, Pentium_6405u_firmware, Xeon_3204_firmware, Xeon_3206r_firmware, Xeon_4208_firmware, Xeon_4208r_firmware, Xeon_4209t_firmware, Xeon_4210_firmware, Xeon_4210r_firmware, Xeon_4214_firmware, Xeon_4214c_firmware, Xeon_4214r_firmware, Xeon_4214y_firmware, Xeon_4215_firmware, Xeon_4216_firmware, Xeon_4216r_firmware, Xeon_5215_firmware, Xeon_5215l_firmware, Xeon_5215m_firmware, Xeon_5215r_firmware, Xeon_5217_firmware, Xeon_5218_firmware, Xeon_5218b_firmware, Xeon_5218n_firmware, Xeon_5218t_firmware, Xeon_5220_firmware, Xeon_5220r_firmware, Xeon_5220s_firmware, Xeon_5220t_firmware, Xeon_5222_firmware, Xeon_6222v_firmware, Xeon_6226_firmware, Xeon_6230_firmware, Xeon_6230n_firmware, Xeon_6230t_firmware, Xeon_6234_firmware, Xeon_6238_firmware, Xeon_6238l_firmware, Xeon_6238m_firmware, Xeon_6238t_firmware, Xeon_6240_firmware, Xeon_6240l_firmware, Xeon_6240m_firmware, Xeon_6240y_firmware, Xeon_6242_firmware, Xeon_6244_firmware, Xeon_6246_firmware, Xeon_6248_firmware, Xeon_6252_firmware, Xeon_6252n_firmware, Xeon_6254_firmware, Xeon_6262v_firmware, Xeon_8253_firmware, Xeon_8256_firmware, Xeon_8260_firmware, Xeon_8260l_firmware, Xeon_8260m_firmware, Xeon_8260y_firmware, Xeon_8268_firmware, Xeon_8270_firmware, Xeon_8276_firmware, Xeon_8276l_firmware, Xeon_8276m_firmware, Xeon_8280_firmware, Xeon_8280l_firmware, Xeon_8280m_firmware, Xeon_9220_firmware, Xeon_9221_firmware, Xeon_9222_firmware, Xeon_9242_firmware, Xeon_9282_firmware, Xeon_e\-2278g_firmware, Xeon_e\-2278ge_firmware, Xeon_e\-2278gel_firmware, Xeon_e\-2286m_firmware, Xeon_e\-2288g_firmware, Xeon_w\-2223_firmware, Xeon_w\-2225_firmware, Xeon_w\-2235_firmware, Xeon_w\-2245_firmware, Xeon_w\-2255_firmware, Xeon_w\-2265_firmware, Xeon_w\-2275_firmware, Xeon_w\-2295_firmware, Xeon_w\-3223_firmware, Xeon_w\-3225_firmware, Xeon_w\-3235_firmware, Xeon_w\-3245_firmware, Xeon_w\-3245m_firmware, Xeon_w\-3265_firmware, Xeon_w\-3265m_firmware, Xeon_w\-3275_firmware, Xeon_w\-3275m_firmware, Leap, Zfs_storage_appliance_kit, Codeready_linux_builder, Codeready_linux_builder_eus, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_manager, Slackware
|
6.5
|
|
|
|
2019-11-27
|
CVE-2019-10216
|
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
|
Ghostscript, 3scale_api_management, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
|
7.8
|
|
|
|
2019-12-10
|
CVE-2019-13734
|
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
Ubuntu_linux, Debian_linux, Fedora, Chrome, Backports_sle, Communications_cloud_native_core_network_repository_function, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Package_hub
|
8.8
|
|
|
|
2019-12-19
|
CVE-2019-19906
|
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
|
Bookkeeper, Ipados, Iphone_os, Mac_os_x, Ubuntu_linux, Cyrus\-Sasl, Debian_linux, Fedora, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Jboss_enterprise_web_server
|
7.5
|
|
|
|
2019-09-20
|
CVE-2019-14814
|
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
|
Ubuntu_linux, Debian_linux, Linux_kernel, A220_firmware, A320_firmware, A700s_firmware, A800_firmware, C190_firmware, Data_availability_services, Fas2720_firmware, Fas2750_firmware, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Service_processor, Solidfire, Steelstore_cloud_integrated_storage, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Messaging_realtime_grid
|
7.8
|
|
|
|
2022-02-18
|
CVE-2016-2124
|
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
|
Ubuntu_linux, Debian_linux, Fedora, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_resilient_storage, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_tus, Enterprise_linux_workstation, Gluster_storage, Openstack, Virtualization_host, Samba
|
5.9
|
|
|
|
2014-03-19
|
CVE-2014-1505
|
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.
|
Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Suse_linux_enterprise_software_development_kit, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server
|
7.5
|
|
|
|
2015-04-01
|
CVE-2015-2808
|
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
|
Ubuntu_linux, Debian_linux, Sparc_enterprise_m3000_firmware, Sparc_enterprise_m4000_firmware, Sparc_enterprise_m5000_firmware, Sparc_enterprise_m8000_firmware, Sparc_enterprise_m9000_firmware, 9700_firmware, E6000_firmware, E9000_firmware, Oceanstor_18500_firmware, Oceanstor_18800_firmware, Oceanstor_18800f_firmware, Oceanstor_9000_firmware, Oceanstor_cse_firmware, Oceanstor_hvs85t_firmware, Oceanstor_replicationdirector, Oceanstor_s2600t_firmware, Oceanstor_s5500t_firmware, Oceanstor_s5600t_firmware, Oceanstor_s5800t_firmware, Oceanstor_s6800t_firmware, Oceanstor_vis6600t_firmware, Policy_center, Quidway_s9300_firmware, S12700_firmware, S2700_firmware, S2750_firmware, S3700_firmware, S5700ei_firmware, S5700hi_firmware, S5700li_firmware, S5700s\-Li_firmware, S5700si_firmware, S5710ei_firmware, S5710hi_firmware, S5720ei_firmware, S5720hi_firmware, S6700_firmware, S7700_firmware, Smc2\.0, Te60_firmware, Ultravr, Cognos_metrics_manager, Opensuse, Communications_application_session_controller, Communications_policy_management, Http_server, Integrated_lights_out_manager_firmware, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager
|
N/A
|
|
|
|
2019-05-07
|
CVE-2019-11811
|
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.
|
Linux_kernel, Leap, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation
|
7.0
|
|
|
|
2019-11-25
|
CVE-2019-14815
|
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
|
Linux_kernel, Altavault, Baseboard_management_controller, Hci, Solidfire, Solidfire_baseboard_management_controller_firmware, Steelstore, Codeready_linux_builder_eus, Codeready_linux_builder_for_power_little_endian_eus, Enterprise_linux, Enterprise_linux_for_ibm_z_systems_\(Structure_a\), Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server_aus, Enterprise_linux_server_tus
|
7.8
|
|
|