_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
SNMP is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. You ...
This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name - ...
[1.12.10-1.0.13] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
kernel-uek-container [4.14.35-1902.303.5.3.el7] - rds: Deregister all FRWR mr with free_mr [Orabug: 31476202] - Revert "rds: Do not cancel RDMAs that have been posted to the HCA" [Orabug: 31475329] - Revert "rds: Introduce rds_conn_to_path helper" [Orabug: 31475329] - Revert "rds: Three cancel fixes" [Orabug: 31475318] [4.14.35-1902.303.5.2.el7] - rds: Three cancel fixes [Orabug: 31463014] [4 ...
The host is installed with SteelSeries GG 36.0.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an unencrypted database that is writable for all users on the computer. Successful exploitation could allow attackers to trigger code execution with higher privileges.
The host is installed with SteelSeries GG 36.0.0 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle the open API listener that is used to create a sub-application. Successful exploitation could allow attackers to execute this sub-application automatically from a controlled location.