Filtered by vendor Linux
Subscribe
Total
5378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22003 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. | |||||
| CVE-2015-2802 | 4 Hp, Linux, Microsoft and 1 more | 6 Asset Manager, Asset Manager Cloudsystem Chargeback, Sitescope and 3 more | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. | |||||
| CVE-2021-25252 | 7 Apple, Emc, Linux and 4 more | 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more | 2021-09-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. | |||||
| CVE-2021-1450 | 4 Apple, Cisco, Linux and 1 more | 4 Macos, Anyconnect Secure Mobility Client, Linux Kernel and 1 more | 2021-09-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart so no action is needed by the user or admin. | |||||
| CVE-2020-16022 | 4 Apple, Google, Linux and 1 more | 7 Macos, Android, Chrome and 4 more | 2021-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML page. | |||||
| CVE-2020-29384 | 3 Advsys, Apple, Linux | 3 Pngout, Macos, Linux Kernel | 2021-09-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow. | |||||
| CVE-2020-12651 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2021-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. | |||||
| CVE-2020-20950 | 5 Apple, Ietf, Linux and 2 more | 5 Macos, Public Key Cryptography Standards \#1, Linux Kernel and 2 more | 2021-09-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure. | |||||
| CVE-2019-12579 | 3 Apple, Linux, Londontrustmedia | 3 Macos, Linux Kernel, Private Internet Access Vpn Client | 2021-09-08 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA Linux/macOS binary openvpn_launcher.64 binary is setuid root. This binary accepts several parameters to update the system configuration. These parameters are passed to operating system commands using a "here" document. The parameters are not sanitized, which allow for arbitrary commands to be injected using shell metacharacters. A local unprivileged user can pass special crafted parameters that will be interpolated by the operating system calls. | |||||
| CVE-2019-12573 | 3 Apple, Linux, Londontrustmedia | 3 Macos, Linux Kernel, Private Internet Access Vpn Client | 2021-09-08 | 6.6 MEDIUM | 7.1 HIGH |
| A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpn_launcher binary is setuid root. This binary supports the --log option, which accepts a path as an argument. This parameter is not sanitized, which allows a local unprivileged user to overwrite arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user. | |||||
| CVE-2016-5202 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2021-09-08 | 7.5 HIGH | 9.1 CRITICAL |
| browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | |||||
| CVE-2019-20374 | 3 Apple, Linux, Typora | 3 Macos, Linux Kernel, Typora | 2021-09-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment. | |||||
| CVE-2020-9746 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Macos, Chrome Os and 4 more | 2021-09-08 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. | |||||
| CVE-2019-17387 | 4 Apple, Aviatrix, Linux and 1 more | 4 Macos, Vpn Client, Linux Kernel and 1 more | 2021-09-08 | 7.2 HIGH | 7.8 HIGH |
| An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS. | |||||
| CVE-2017-3112 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2021-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | |||||
| CVE-2017-11213 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2021-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | |||||
| CVE-2018-6151 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Chrome and 6 more | 2021-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. | |||||
| CVE-2017-11225 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2021-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3114 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2021-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | |||||
| CVE-2018-4871 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2021-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | |||||