Total
181 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3882 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. | |||||
| CVE-2019-14835 | 8 Canonical, Debian, Fedoraproject and 5 more | 44 Ubuntu Linux, Debian Linux, Fedora and 41 more | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
| A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. | |||||
| CVE-2019-14816 | 6 Canonical, Debian, Linux and 3 more | 51 Ubuntu Linux, Debian Linux, Linux Kernel and 48 more | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
| There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | |||||
| CVE-2019-14814 | 6 Canonical, Debian, Linux and 3 more | 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
| There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | |||||
| CVE-2019-14821 | 8 Canonical, Debian, Fedoraproject and 5 more | 38 Ubuntu Linux, Debian Linux, Fedora and 35 more | 2023-02-12 | 7.2 HIGH | 8.8 HIGH |
| An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. | |||||
| CVE-2019-10126 | 6 Canonical, Debian, Linux and 3 more | 26 Ubuntu Linux, Debian Linux, Linux Kernel and 23 more | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. | |||||
| CVE-2018-20669 | 3 Canonical, Linux, Netapp | 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more | 2023-01-20 | 7.2 HIGH | 7.8 HIGH |
| An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. | |||||
| CVE-2019-19816 | 4 Canonical, Debian, Linux and 1 more | 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more | 2023-01-19 | 9.3 HIGH | 7.8 HIGH |
| In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. | |||||
| CVE-2019-13272 | 6 Canonical, Debian, Fedoraproject and 3 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2023-01-17 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. | |||||
| CVE-2021-22926 | 4 Haxx, Netapp, Oracle and 1 more | 25 Curl, Active Iq Unified Manager, Clustered Data Ontap and 22 more | 2023-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake. | |||||
| CVE-2021-22925 | 6 Apple, Fedoraproject, Haxx and 3 more | 26 Mac Os X, Macos, Fedora and 23 more | 2023-01-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. | |||||
| CVE-2021-22923 | 5 Fedoraproject, Haxx, Netapp and 2 more | 22 Fedora, Curl, Cloud Backup and 19 more | 2023-01-05 | 2.6 LOW | 5.3 MEDIUM |
| When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. | |||||
| CVE-2021-22922 | 5 Fedoraproject, Haxx, Netapp and 2 more | 22 Fedora, Curl, Cloud Backup and 19 more | 2023-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. | |||||
| CVE-2022-32205 | 6 Apple, Debian, Fedoraproject and 3 more | 28 Macos, Debian Linux, Fedora and 25 more | 2023-01-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. | |||||
| CVE-2022-32207 | 5 Apple, Debian, Fedoraproject and 2 more | 18 Macos, Debian Linux, Fedora and 15 more | 2023-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | |||||
| CVE-2022-32208 | 5 Apple, Debian, Fedoraproject and 2 more | 18 Macos, Debian Linux, Fedora and 15 more | 2023-01-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. | |||||
| CVE-2017-15906 | 5 Debian, Netapp, Openbsd and 2 more | 22 Debian Linux, Active Iq Unified Manager, Cloud Backup and 19 more | 2022-12-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | |||||
| CVE-2021-43818 | 5 Debian, Fedoraproject, Lxml and 2 more | 12 Debian Linux, Fedora, Lxml and 9 more | 2022-12-09 | 6.8 MEDIUM | 7.1 HIGH |
| lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. | |||||
| CVE-2021-4203 | 3 Linux, Netapp, Oracle | 23 Linux Kernel, A700s, A700s Firmware and 20 more | 2022-12-08 | 4.9 MEDIUM | 6.8 MEDIUM |
| A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | |||||
| CVE-2021-3753 | 3 Linux, Netapp, Redhat | 18 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 15 more | 2022-12-06 | 1.9 LOW | 4.7 MEDIUM |
| A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. | |||||