Total
288 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1434 | 2 Netapp, Openssl | 43 A250, A250 Firmware, A700s and 40 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | |||||
CVE-2022-26966 | 3 Debian, Linux, Netapp | 17 Debian Linux, Linux Kernel, Active Iq Unified Manager and 14 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. | |||||
CVE-2021-3752 | 6 Debian, Fedoraproject, Linux and 3 more | 27 Debian Linux, Fedora, Linux Kernel and 24 more | 2023-12-10 | 7.9 HIGH | 7.1 HIGH |
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2021-4090 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2023-12-10 | 6.6 MEDIUM | 7.1 HIGH |
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat. | |||||
CVE-2021-4197 | 5 Broadcom, Debian, Linux and 2 more | 14 Brocade Fabric Operating System Firmware, Debian Linux, Linux Kernel and 11 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. | |||||
CVE-2022-0742 | 2 Linux, Netapp | 27 Linux Kernel, A400, A400 Firmware and 24 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. | |||||
CVE-2022-26490 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | |||||
CVE-2022-29968 | 3 Fedoraproject, Linux, Netapp | 13 Fedora, Linux Kernel, H300s and 10 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. | |||||
CVE-2022-28388 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | |||||
CVE-2022-1343 | 2 Netapp, Openssl | 43 A250, A250 Firmware, A700s and 40 more | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | |||||
CVE-2022-1353 | 4 Debian, Linux, Netapp and 1 more | 19 Debian Linux, Linux Kernel, H300e and 16 more | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | |||||
CVE-2022-32250 | 4 Debian, Fedoraproject, Linux and 1 more | 13 Debian Linux, Fedora, Linux Kernel and 10 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. | |||||
CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 30 Ubuntu Linux, Debian Linux, Fedora and 27 more | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | |||||
CVE-2021-3753 | 3 Linux, Netapp, Redhat | 18 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 15 more | 2023-12-10 | 1.9 LOW | 4.7 MEDIUM |
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2022-0995 | 3 Fedoraproject, Linux, Netapp | 24 Fedora, Linux Kernel, H300e and 21 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. | |||||
CVE-2022-0667 | 2 Isc, Netapp | 17 Bind, H300e, H300e Firmware and 14 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | |||||
CVE-2022-29156 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. | |||||
CVE-2022-1882 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
CVE-2022-29824 | 5 Debian, Fedoraproject, Netapp and 2 more | 24 Debian Linux, Fedora, Active Iq Unified Manager and 21 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. | |||||
CVE-2020-36516 | 2 Linux, Netapp | 29 Linux Kernel, Bootstrap Os, Cloud Volumes Ontap Mediator and 26 more | 2023-12-10 | 4.9 MEDIUM | 5.9 MEDIUM |
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. |