Total
8819 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37159 | 3 Debian, Linux, Oracle | 5 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more | 2024-03-25 | 4.4 MEDIUM | 6.4 MEDIUM |
| hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. | |||||
| CVE-2021-34693 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-03-25 | 2.1 LOW | 5.5 MEDIUM |
| net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. | |||||
| CVE-2021-29155 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-03-25 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. | |||||
| CVE-2021-29154 | 4 Debian, Fedoraproject, Linux and 1 more | 20 Debian Linux, Fedora, Linux Kernel and 17 more | 2024-03-25 | 7.2 HIGH | 7.8 HIGH |
| BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. | |||||
| CVE-2021-28038 | 3 Debian, Linux, Netapp | 4 Debian Linux, Linux Kernel, Cloud Backup and 1 more | 2024-03-25 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. | |||||
| CVE-2021-26932 | 4 Debian, Fedoraproject, Linux and 1 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2024-03-25 | 1.9 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. | |||||
| CVE-2021-26931 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-03-25 | 1.9 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. | |||||
| CVE-2021-26930 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-03-25 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. | |||||
| CVE-2021-42739 | 5 Debian, Fedoraproject, Linux and 2 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-03-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. | |||||
| CVE-2023-3618 | 3 Debian, Libtiff, Redhat | 3 Debian Linux, Libtiff, Enterprise Linux | 2024-03-23 | N/A | 6.5 MEDIUM |
| A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. | |||||
| CVE-2022-22817 | 2 Debian, Python | 2 Debian Linux, Pillow | 2024-03-22 | 7.5 HIGH | 9.8 CRITICAL |
| PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used. | |||||
| CVE-2016-1244 | 2 Debian, Unadf Project | 2 Debian Linux, Unadf | 2024-03-15 | 9.3 HIGH | 8.8 HIGH |
| The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file. | |||||
| CVE-2016-1243 | 2 Debian, Unadf Project | 2 Debian Linux, Unadf | 2024-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname. | |||||
| CVE-2022-38751 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2024-03-15 | N/A | 6.5 MEDIUM |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||||
| CVE-2022-38750 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2024-03-15 | N/A | 5.5 MEDIUM |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||||
| CVE-2022-38749 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2024-03-15 | N/A | 6.5 MEDIUM |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||||
| CVE-2022-25857 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2024-03-15 | N/A | 7.5 HIGH |
| The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. | |||||
| CVE-2016-2143 | 4 Debian, Linux, Oracle and 1 more | 4 Debian Linux, Linux Kernel, Linux and 1 more | 2024-03-14 | 6.9 MEDIUM | 7.8 HIGH |
| The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. | |||||
| CVE-2017-10661 | 3 Debian, Linux, Redhat | 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more | 2024-03-14 | 7.6 HIGH | 7.0 HIGH |
| Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. | |||||
| CVE-2012-2143 | 4 Debian, Freebsd, Php and 1 more | 4 Debian Linux, Freebsd, Php and 1 more | 2024-03-14 | 4.3 MEDIUM | N/A |
| The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. | |||||