Total
199 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25219 | 6 Debian, Fedoraproject, Isc and 3 more | 23 Debian Linux, Fedora, Bind and 20 more | 2022-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. | |||||
CVE-2022-0330 | 4 Fedoraproject, Linux, Netapp and 1 more | 46 Fedora, Linux Kernel, H300e and 43 more | 2022-12-07 | 4.6 MEDIUM | 7.8 HIGH |
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | |||||
CVE-2022-25258 | 4 Debian, Fedoraproject, Linux and 1 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2022-12-06 | 4.9 MEDIUM | 4.6 MEDIUM |
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. | |||||
CVE-2021-3753 | 3 Linux, Netapp, Redhat | 18 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 15 more | 2022-12-06 | 1.9 LOW | 4.7 MEDIUM |
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2020-14155 | 5 Apple, Gitlab, Netapp and 2 more | 19 Macos, Gitlab, Active Iq Unified Manager and 16 more | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | |||||
CVE-2022-1679 | 3 Debian, Linux, Netapp | 18 Debian Linux, Linux Kernel, H300e and 15 more | 2022-12-02 | 7.2 HIGH | 7.8 HIGH |
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
CVE-2020-12888 | 6 Canonical, Debian, Fedoraproject and 3 more | 39 Ubuntu Linux, Debian Linux, Fedora and 36 more | 2022-11-14 | 4.7 MEDIUM | 5.3 MEDIUM |
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | |||||
CVE-2021-33574 | 4 Debian, Fedoraproject, Gnu and 1 more | 20 Debian Linux, Fedora, Glibc and 17 more | 2022-11-08 | 7.5 HIGH | 9.8 CRITICAL |
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | |||||
CVE-2021-41182 | 7 Debian, Drupal, Fedoraproject and 4 more | 37 Debian Linux, Drupal, Fedora and 34 more | 2022-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. | |||||
CVE-2021-41184 | 6 Drupal, Fedoraproject, Jquery and 3 more | 35 Drupal, Fedora, Jquery Ui and 32 more | 2022-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | |||||
CVE-2021-41183 | 7 Debian, Drupal, Fedoraproject and 4 more | 36 Debian Linux, Drupal, Fedora and 33 more | 2022-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. | |||||
CVE-2022-36879 | 3 Debian, Linux, Netapp | 43 Debian Linux, Linux Kernel, A700s and 40 more | 2022-11-04 | N/A | 5.5 MEDIUM |
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. | |||||
CVE-2021-43267 | 3 Fedoraproject, Linux, Netapp | 16 Fedora, Linux Kernel, H300e and 13 more | 2022-11-02 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. | |||||
CVE-2022-23308 | 6 Apple, Debian, Fedoraproject and 3 more | 44 Ipados, Iphone Os, Mac Os X and 41 more | 2022-11-02 | 4.3 MEDIUM | 7.5 HIGH |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | |||||
CVE-2022-1678 | 2 Linux, Netapp | 26 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 23 more | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. | |||||
CVE-2022-1882 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2022-10-27 | 7.2 HIGH | 7.8 HIGH |
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
CVE-2022-34918 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2022-10-26 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. | |||||
CVE-2020-36385 | 3 Linux, Netapp, Starwindsoftware | 19 Linux Kernel, H300e, H300e Firmware and 16 more | 2022-10-25 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. | |||||
CVE-2022-29581 | 4 Canonical, Debian, Linux and 1 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2022-10-19 | 7.2 HIGH | 7.8 HIGH |
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | |||||
CVE-2022-1116 | 2 Linux, Netapp | 9 Linux Kernel, H300s, H300s Firmware and 6 more | 2022-10-19 | 7.2 HIGH | 7.8 HIGH |
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. |