Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2021-21285: Docker Engine release notes

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

CVE
Open in Source
#vulnerability#mac#windows#apple#ubuntu#linux#debian#js#git#oracle#kubernetes#aws#log4j#amd#auth#ssh#rpm#docker#ssl
CVE-2021-21285: Docker Engine release notes

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

CVE-2021-23239: Stable Release

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

CVE-2020-35488: GitHub - GuillaumePetit84/CVE-2020-35488

The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)

CVE-2020-26422: Buildbot crash output: fuzz-2020-12-09-3589621.pcap (#17073) · Issues · Wireshark Foundation / wireshark · GitLab

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

CVE-2020-26419: Buildbot crash output: fuzz-2020-11-19-20476.pcap (#17032) · Issues · Wireshark Foundation / wireshark · GitLab

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.

CVE-2020-26418: Buildbot crash output: fuzz-2020-07-28-14741.pcap (#16739) · Issues · Wireshark Foundation / wireshark · GitLab

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

CVE-2020-13584: TALOS-2020-1195 || Cisco Talos Intelligence Group

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.

CVE-2020-28975: Segmentation fault on SVMLIB · Issue #18891 · scikit-learn/scikit-learn

** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.