Vulnerabilities (CVE)

Filtered by vendor Linux Subscribe
Total 4684 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45485 1 Linux 1 Linux Kernel 2022-01-21 5.0 MEDIUM 7.5 HIGH
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
CVE-2021-29701 3 Ibm, Linux, Microsoft 4 Engineering Workflow Management, Rational Team Concert, Linux Kernel and 1 more 2022-01-20 4.0 MEDIUM 4.3 MEDIUM
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.
CVE-2021-46283 1 Linux 1 Linux Kernel 2022-01-20 4.9 MEDIUM 5.5 MEDIUM
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.
CVE-2021-44458 2 Linux, Mirantis 2 Linux Kernel, Lens 2022-01-19 5.1 MEDIUM 9.6 CRITICAL
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
CVE-2021-1056 2 Linux, Nvidia 2 Linux Kernel, Gpu Driver 2022-01-18 3.6 LOW 7.1 HIGH
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.
CVE-2015-7515 1 Linux 1 Linux Kernel 2022-01-18 4.9 MEDIUM 4.6 MEDIUM
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
CVE-2021-28715 1 Linux 1 Linux Kernel 2022-01-18 2.1 LOW 6.5 MEDIUM
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)
CVE-2021-28714 1 Linux 1 Linux Kernel 2022-01-18 2.1 LOW 6.5 MEDIUM
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)
CVE-2020-36406 2 Linux, Uwebsockets Project 2 Linux Kernel, Uwebsockets 2022-01-17 6.8 MEDIUM 8.8 HIGH
** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate.
CVE-2021-38931 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 4.0 MEDIUM 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.
CVE-2021-38926 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 2.1 LOW 5.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.
CVE-2021-45469 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-01-14 4.6 MEDIUM 7.8 HIGH
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.
CVE-2021-44733 4 Debian, Fedoraproject, Linux and 1 more 4 Debian Linux, Fedora, Linux Kernel and 1 more 2022-01-14 4.4 MEDIUM 7.0 HIGH
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2021-29678 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 5.5 MEDIUM 8.7 HIGH
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.
CVE-2021-39002 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-01-14 5.0 MEDIUM 7.5 HIGH
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2021-45486 1 Linux 1 Linux Kernel 2022-01-10 2.1 LOW 5.5 MEDIUM
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
CVE-2021-45100 2 Ksmbd Project, Linux 2 Ksmbd, Linux Kernel 2022-01-10 5.0 MEDIUM 7.5 HIGH
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.
CVE-2021-45480 1 Linux 1 Linux Kernel 2022-01-10 4.7 MEDIUM 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.
CVE-2021-45884 4 Apple, Brave, Linux and 1 more 4 Macos, Brave, Linux Kernel and 1 more 2022-01-07 4.3 MEDIUM 7.5 HIGH
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.
CVE-2018-25020 1 Linux 1 Linux Kernel 2022-01-06 4.6 MEDIUM 7.8 HIGH
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.