Active Iq Performance Analytics Services
Monthly
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
An issue was discovered in sd-bus in systemd 239. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An issue was discovered in the Linux kernel before 4.8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
An issue was discovered in the Linux kernel through 4.18.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
An issue was discovered in sd-bus in systemd 239. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An issue was discovered in the Linux kernel before 4.8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
An issue was discovered in the Linux kernel through 4.18.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.