rpm - Page 98 - Security Headlines - AI Powered Cyber Security News Aggregator

CVE-2020-7071: FILTER_VALIDATE_URL accepts URLs with invalid userinfo

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.

4 years ago

CVE

Open in Source

#linux #git #php #alibaba #rpm

CVE-2021-21285: Docker Engine release notes

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

4 years ago

CVE

Open in Source

#vulnerability #mac #windows #apple #ubuntu #linux #debian #js #git #oracle #kubernetes #aws #log4j #amd #auth #ssh #rpm #docker #ssl

CVE-2021-21285: Docker Engine release notes

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

4 years ago

CVE

Open in Source

#vulnerability #mac #windows #apple #ubuntu #linux #debian #js #git #oracle #kubernetes #aws #log4j #amd #auth #ssh #rpm #docker #ssl

CVE-2020-28648: Nagios XI Change Log - Nagios

Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.

CVE-2020-25695: PostgreSQL: Security Information

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

4 years ago

CVE

Open in Source

#sql #vulnerability #windows #dos #js #buffer_overflow #auth #rpm #postgres #ssl

CVE-2020-8745: INTEL-SA-00391

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

4 years ago

CVE

Open in Source

#vulnerability #web #windows #dos #intel #auth #rpm #chrome #firefox

CVE-2020-24303: grafana/CHANGELOG.md at main · grafana/grafana

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

CVE-2019-11556: Changelog — pagure documentation

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

4 years ago

CVE

Open in Source

#sql #xss #csrf #web #mac #google #apache #redis #js #git #java #perl #nginx #auth #ssh #rpm #postgres #docker #chrome #ssl

CVE-2020-14356: kernel NULL pointer dereference in __cgroup_bpf_run_filter_skb

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVE-2020-24368: icingaweb2/CHANGELOG.md at master · Icinga/icingaweb2

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.

4 years ago

CVE

Open in Source

#sql #vulnerability #web #mac #windows #microsoft #ubuntu #linux #debian #apache #js #git #java #oracle #php #rce #perl #ldap #pdf #auth #ssh #rpm #postgres #chrome #firefox #sap #ssl

Tag

#rpm