Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14386 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-33200 | 3 Fedoraproject, Linux, Netapp | 19 Fedora, Linux Kernel, Cloud Backup and 16 more | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. | |||||
| CVE-2022-3715 | 2 Gnu, Redhat | 2 Bash, Enterprise Linux | 2023-02-24 | N/A | 7.8 HIGH |
| A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. | |||||
| CVE-2018-11506 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. | |||||
| CVE-2018-16276 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. | |||||
| CVE-2021-28021 | 3 Debian, Fedoraproject, Stb Project | 3 Debian Linux, Fedora, Stb | 2023-02-24 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | |||||
| CVE-2022-45586 | 1 Xpdfreader | 1 Xpdf | 2023-02-24 | N/A | 5.5 MEDIUM |
| Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. | |||||
| CVE-2022-45587 | 1 Xpdfreader | 1 Xpdf | 2023-02-24 | N/A | 5.5 MEDIUM |
| Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. | |||||
| CVE-2021-43336 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Jt2go, Solid Edge and 1 more | 2023-02-24 | 6.8 MEDIUM | 7.8 HIGH |
| An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2017-8067 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2021-40394 | 2 Debian, Gerbv Project | 2 Debian Linux, Gerbv | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2018-1636 | 1 Ibm | 1 Informix Dynamic Server | 2023-02-23 | 7.2 HIGH | 6.7 MEDIUM |
| Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441. | |||||
| CVE-2018-1635 | 1 Ibm | 1 Informix Dynamic Server | 2023-02-23 | 7.2 HIGH | 6.7 MEDIUM |
| Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439. | |||||
| CVE-2022-37325 | 1 Sangoma | 1 Asterisk | 2023-02-23 | N/A | 7.5 HIGH |
| In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash. | |||||
| CVE-2021-3638 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2023-02-23 | 2.1 LOW | 6.5 MEDIUM |
| An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | |||||
| CVE-2023-20949 | 1 Google | 1 Android | 2023-02-23 | N/A | 5.5 MEDIUM |
| In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323133References: N/A | |||||
| CVE-2022-31783 | 2 Fedoraproject, Liblouis | 2 Fedora, Liblouis | 2023-02-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | |||||
| CVE-2022-32035 | 1 Tenda | 2 M3, M3 Firmware | 2023-02-23 | 7.8 HIGH | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. | |||||
| CVE-2021-3697 | 2 Gnu, Redhat | 12 Grub, Codeready Linux Builder, Developer Tools and 9 more | 2023-02-23 | 4.4 MEDIUM | 7.0 HIGH |
| A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2022-3627 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2023-02-23 | N/A | 6.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. | |||||