Total
198 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0330 | 4 Fedoraproject, Linux, Netapp and 1 more | 46 Fedora, Linux Kernel, H300e and 43 more | 2022-12-07 | 4.6 MEDIUM | 7.8 HIGH |
| A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2022-25258 | 4 Debian, Fedoraproject, Linux and 1 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2022-12-06 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. | |||||
| CVE-2021-3753 | 3 Linux, Netapp, Redhat | 18 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 15 more | 2022-12-06 | 1.9 LOW | 4.7 MEDIUM |
| A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-14155 | 5 Apple, Gitlab, Netapp and 2 more | 19 Macos, Gitlab, Active Iq Unified Manager and 16 more | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | |||||
| CVE-2022-1679 | 3 Debian, Linux, Netapp | 18 Debian Linux, Linux Kernel, H300e and 15 more | 2022-12-02 | 7.2 HIGH | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2020-12888 | 6 Canonical, Debian, Fedoraproject and 3 more | 39 Ubuntu Linux, Debian Linux, Fedora and 36 more | 2022-11-14 | 4.7 MEDIUM | 5.3 MEDIUM |
| The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | |||||
| CVE-2021-33574 | 4 Debian, Fedoraproject, Gnu and 1 more | 20 Debian Linux, Fedora, Glibc and 17 more | 2022-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | |||||
| CVE-2021-41182 | 7 Debian, Drupal, Fedoraproject and 4 more | 37 Debian Linux, Drupal, Fedora and 34 more | 2022-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. | |||||
| CVE-2021-41184 | 6 Drupal, Fedoraproject, Jquery and 3 more | 35 Drupal, Fedora, Jquery Ui and 32 more | 2022-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | |||||
| CVE-2021-41183 | 7 Debian, Drupal, Fedoraproject and 4 more | 36 Debian Linux, Drupal, Fedora and 33 more | 2022-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. | |||||
| CVE-2022-36879 | 3 Debian, Linux, Netapp | 43 Debian Linux, Linux Kernel, A700s and 40 more | 2022-11-04 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. | |||||
| CVE-2021-43267 | 3 Fedoraproject, Linux, Netapp | 16 Fedora, Linux Kernel, H300e and 13 more | 2022-11-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. | |||||
| CVE-2022-23308 | 6 Apple, Debian, Fedoraproject and 3 more | 44 Ipados, Iphone Os, Mac Os X and 41 more | 2022-11-02 | 4.3 MEDIUM | 7.5 HIGH |
| valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | |||||
| CVE-2022-1678 | 2 Linux, Netapp | 26 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 23 more | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. | |||||
| CVE-2022-1882 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2022-10-27 | 7.2 HIGH | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2022-34918 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2022-10-26 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. | |||||
| CVE-2020-36385 | 3 Linux, Netapp, Starwindsoftware | 19 Linux Kernel, H300e, H300e Firmware and 16 more | 2022-10-25 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. | |||||
| CVE-2022-29581 | 4 Canonical, Debian, Linux and 1 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2022-10-19 | 7.2 HIGH | 7.8 HIGH |
| Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | |||||
| CVE-2022-1116 | 2 Linux, Netapp | 9 Linux Kernel, H300s, H300s Firmware and 6 more | 2022-10-19 | 7.2 HIGH | 7.8 HIGH |
| Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. | |||||
| CVE-2022-1055 | 5 Canonical, Fedoraproject, Linux and 2 more | 20 Ubuntu Linux, Fedora, Linux Kernel and 17 more | 2022-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | |||||