[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 10943 Download | Alert*

The host is installed with gnutls before 3.1.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate. Successful exploitation could allow remote attackers to conduct downgrade attacks.

The host is installed with gnutls on Red Hat Enterprise Linux 6 or 7 and is prone to a cross-signature attack vulnerability. A flaw is present in the application, which fails to properly validate whether the two signature algorithms match on certificate import. Successful exploitation could allow attackers to produce forged certificate.

The host is installed with Elasticsearch 6.7.x through 6.8.3 and 7.x through 7.3.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in API Key service. Successful exploitation could allow attackers to send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

The host is installed with Elasticsearch 6.7.x through 6.8.3 and 7.x through 7.3.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in API Key service. Successful exploitation could allow attackers to send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.

In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.

An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace"s pid 1, it will result in a hung task, and resources being permanently locked up until system reboo ...

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel"s proc_pid_readdir returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng"s utilitie ...

The host is installed with rhn-client-tools on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted hostnames. Successful exploitation could allow attackers to prevent registration from taking place properly.


Pages:      Start    1061    1062    1063    1064    1065    1066    1067    1068    1069    1070    1071    1072    1073    1074    ..   1094

© SecPod Technologies