Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20612 | 2 Google, Mediatek | 37 Android, Mt6739, Mt6761 and 34 more | 2023-02-14 | N/A | 6.7 MEDIUM |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629571; Issue ID: ALPS07629571. | |||||
| CVE-2023-20606 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2023-02-14 | N/A | 4.4 MEDIUM |
| In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571104; Issue ID: ALPS07571104. | |||||
| CVE-2018-16889 | 1 Redhat | 1 Ceph | 2023-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. | |||||
| CVE-2018-14656 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 2.1 LOW | 5.5 MEDIUM |
| A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. | |||||
| CVE-2018-10874 | 1 Redhat | 4 Ansible Engine, Openstack, Virtualization and 1 more | 2023-02-13 | 4.6 MEDIUM | 7.8 HIGH |
| In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | |||||
| CVE-2016-3110 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2023-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. | |||||
| CVE-2013-6380 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.7 MEDIUM | N/A |
| The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. | |||||
| CVE-2013-6368 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-02-13 | 6.2 MEDIUM | N/A |
| The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. | |||||
| CVE-2013-4549 | 2 Digia, Qt | 2 Qt, Qt | 2023-02-13 | 5.0 MEDIUM | N/A |
| QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. | |||||
| CVE-2013-4270 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 3.6 LOW | N/A |
| The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application. | |||||
| CVE-2013-4254 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 6.9 MEDIUM | N/A |
| The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event. | |||||
| CVE-2013-4180 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2023-02-13 | 5.0 MEDIUM | N/A |
| The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | |||||
| CVE-2013-4129 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.7 MEDIUM | N/A |
| The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c. | |||||
| CVE-2013-4111 | 2 Openstack, Opensuse | 2 Python Glanceclient, Opensuse | 2023-02-13 | 5.8 MEDIUM | N/A |
| The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-2232 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.9 MEDIUM | N/A |
| The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. | |||||
| CVE-2013-2230 | 1 Redhat | 1 Libvirt | 2023-02-13 | 4.0 MEDIUM | N/A |
| The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration." | |||||
| CVE-2013-2140 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 3.8 LOW | N/A |
| The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature. | |||||
| CVE-2013-1943 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2023-02-13 | 4.4 MEDIUM | 7.8 HIGH |
| The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. | |||||
| CVE-2013-1892 | 2 Mongodb, Redhat | 2 Mongodb, Enterprise Mrg | 2023-02-13 | 6.0 MEDIUM | N/A |
| MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. | |||||
| CVE-2013-1854 | 2 Redhat, Rubyonrails | 3 Enterprise Linux, Rails, Ruby On Rails | 2023-02-13 | 5.0 MEDIUM | N/A |
| The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. | |||||