Total
972 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8391 | 5 Fedoraproject, Oracle, Pcre and 2 more | 10 Fedora, Linux, Pcre and 7 more | 2023-02-16 | 9.0 HIGH | 9.8 CRITICAL |
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
CVE-2018-14633 | 4 Canonical, Debian, Linux and 1 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2023-02-14 | 8.3 HIGH | 7.0 HIGH |
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. | |||||
CVE-2022-0435 | 5 Fedoraproject, Linux, Netapp and 2 more | 37 Fedora, Linux Kernel, H300e and 34 more | 2023-02-14 | 9.0 HIGH | 8.8 HIGH |
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. | |||||
CVE-2021-4034 | 7 Canonical, Oracle, Polkit Project and 4 more | 32 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 29 more | 2023-02-13 | 7.2 HIGH | 7.8 HIGH |
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. | |||||
CVE-2018-16866 | 5 Canonical, Debian, Netapp and 2 more | 21 Ubuntu Linux, Debian Linux, Active Iq Performance Analytics Services and 18 more | 2023-02-12 | 2.1 LOW | 3.3 LOW |
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. | |||||
CVE-2018-16865 | 5 Canonical, Debian, Oracle and 2 more | 11 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 8 more | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. | |||||
CVE-2018-16864 | 5 Canonical, Debian, Oracle and 2 more | 11 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 8 more | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. | |||||
CVE-2018-14634 | 4 Canonical, Linux, Netapp and 1 more | 9 Ubuntu Linux, Linux Kernel, Active Iq Performance Analytics Services and 6 more | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. | |||||
CVE-2018-14650 | 2 Redhat, Sos-collector Project | 6 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 3 more | 2023-02-12 | 1.9 LOW | 5.0 MEDIUM |
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory. | |||||
CVE-2016-4020 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2023-02-12 | 2.1 LOW | 6.5 MEDIUM |
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). | |||||
CVE-2012-6075 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2023-02-12 | 9.3 HIGH | N/A |
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. | |||||
CVE-2011-0711 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2023-02-12 | 2.1 LOW | N/A |
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. | |||||
CVE-2010-4649 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Eus and 3 more | 2023-02-12 | 6.9 MEDIUM | N/A |
Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member. | |||||
CVE-2009-1891 | 5 Apache, Canonical, Debian and 2 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2023-02-12 | 7.1 HIGH | N/A |
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). | |||||
CVE-2009-1890 | 5 Apache, Canonical, Debian and 2 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2023-02-12 | 7.1 HIGH | N/A |
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. | |||||
CVE-2011-1163 | 3 Linux, Redhat, Suse | 7 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Eus and 4 more | 2023-02-12 | 2.1 LOW | N/A |
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. | |||||
CVE-2011-1776 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2023-02-12 | 5.6 MEDIUM | 6.1 MEDIUM |
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. | |||||
CVE-2015-7529 | 3 Canonical, Redhat, Sos Project | 8 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | |||||
CVE-2015-5165 | 7 Arista, Debian, Fedoraproject and 4 more | 24 Eos, Debian Linux, Fedora and 21 more | 2023-02-12 | 9.3 HIGH | N/A |
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. | |||||
CVE-2015-3281 | 5 Canonical, Debian, Haproxy and 2 more | 12 Ubuntu Linux, Debian Linux, Haproxy and 9 more | 2023-02-12 | 5.0 MEDIUM | N/A |
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. |