Total
4491 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3679 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2021-09-25 | 2.1 LOW | 5.5 MEDIUM |
| A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. | |||||
| CVE-2021-38166 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-09-25 | 4.6 MEDIUM | 7.8 HIGH |
| In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability. | |||||
| CVE-2020-16119 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2021-09-25 | 4.6 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. | |||||
| CVE-2021-38199 | 1 Linux | 1 Linux Kernel | 2021-09-25 | 3.3 LOW | 6.5 MEDIUM |
| fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. | |||||
| CVE-2021-37576 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-09-25 | 7.2 HIGH | 7.8 HIGH |
| arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. | |||||
| CVE-2021-40490 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-09-25 | 4.4 MEDIUM | 7.0 HIGH |
| A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. | |||||
| CVE-2021-38160 | 1 Linux | 1 Linux Kernel | 2021-09-25 | 7.2 HIGH | 7.8 HIGH |
| ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior. | |||||
| CVE-2021-30565 | 3 Fedoraproject, Google, Linux | 4 Fedora, Chrome, Chrome Os and 1 more | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. | |||||
| CVE-2021-30611 | 3 Fedoraproject, Google, Linux | 4 Fedora, Chrome, Chrome Os and 1 more | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30611 Use after free in WebRTC | |||||
| CVE-2021-30612 | 3 Fedoraproject, Google, Linux | 4 Fedora, Chrome, Chrome Os and 1 more | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30612 Use after free in WebRTC | |||||
| CVE-2021-29841 | 2 Ibm, Linux | 5 Aix, Financial Transaction Manager, Linux On Zseries and 2 more | 2021-09-24 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. | |||||
| CVE-2014-4611 | 1 Linux | 1 Linux Kernel | 2021-09-24 | 5.0 MEDIUM | N/A |
| Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715. | |||||
| CVE-2017-3080 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Mac Os X, Macos and 5 more | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-3099 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Mac Os X, Macos and 5 more | 2021-09-22 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3106 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Mac Os X, Macos and 5 more | 2021-09-22 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3100 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Mac Os X, Macos and 5 more | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. | |||||
| CVE-2017-3073 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Mac Os X, Macos and 5 more | 2021-09-22 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3072 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Mac Os X, Macos and 5 more | 2021-09-22 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3074 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Mac Os X, Macos and 5 more | 2021-09-22 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-11292 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Mac Os X, Macos and 5 more | 2021-09-22 | 6.5 MEDIUM | 8.8 HIGH |
| Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. | |||||