Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Linux Subscribe
Total 5378 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29701 3 Ibm, Linux, Microsoft 4 Engineering Workflow Management, Rational Team Concert, Linux Kernel and 1 more 2022-01-20 4.0 MEDIUM 4.3 MEDIUM
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.
CVE-2021-46283 1 Linux 1 Linux Kernel 2022-01-20 4.9 MEDIUM 5.5 MEDIUM
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.
CVE-2015-7515 1 Linux 1 Linux Kernel 2022-01-18 4.9 MEDIUM 4.6 MEDIUM
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
CVE-2021-45884 4 Apple, Brave, Linux and 1 more 4 Macos, Brave, Linux Kernel and 1 more 2022-01-07 4.3 MEDIUM 7.5 HIGH
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.
CVE-2021-38205 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-01-04 2.1 LOW 3.3 LOW
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
CVE-2021-26930 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-01-04 4.6 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
CVE-2021-38198 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-01-04 2.1 LOW 5.5 MEDIUM
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
CVE-2021-38204 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-01-04 4.6 MEDIUM 6.8 MEDIUM
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
CVE-2021-22056 2 Linux, Vmware 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more 2022-01-03 5.0 MEDIUM 7.5 HIGH
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
CVE-2019-18910 2 Hp, Linux 2 Thinpro, Linux Kernel 2022-01-01 4.6 MEDIUM 6.8 MEDIUM
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
CVE-2019-18909 2 Hp, Linux 2 Thinpro, Linux Kernel 2022-01-01 7.7 HIGH 8.0 HIGH
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
CVE-2019-13456 4 Freeradius, Linux, Opensuse and 1 more 4 Freeradius, Linux Kernel, Leap and 1 more 2022-01-01 2.9 LOW 6.5 MEDIUM
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
CVE-2020-0561 4 Intel, Linux, Microsoft and 1 more 5 Software Guard Extensions Sdk, Linux Kernel, Windows and 2 more 2022-01-01 4.6 MEDIUM 7.8 HIGH
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-4211 2 Ibm, Linux 2 Spectrum Protect, Linux Kernel 2022-01-01 10.0 HIGH 9.8 CRITICAL
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022.
CVE-2020-4212 2 Ibm, Linux 2 Spectrum Protect, Linux Kernel 2022-01-01 10.0 HIGH 9.8 CRITICAL
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023.
CVE-2020-4210 2 Ibm, Linux 2 Spectrum Protect, Linux Kernel 2022-01-01 10.0 HIGH 9.8 CRITICAL
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020.
CVE-2020-4135 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Db2, Linux Kernel and 2 more 2022-01-01 5.0 MEDIUM 7.5 HIGH
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.
CVE-2020-16119 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2022-01-01 4.6 MEDIUM 7.8 HIGH
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
CVE-2021-31829 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-01-01 2.1 LOW 5.5 MEDIUM
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.
CVE-2021-38160 4 Debian, Linux, Netapp and 1 more 9 Debian Linux, Linux Kernel, Element Software and 6 more 2022-01-01 7.2 HIGH 7.8 HIGH
** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.