Total
8822 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19448 | 4 Canonical, Debian, Linux and 1 more | 27 Ubuntu Linux, Debian Linux, Linux Kernel and 24 more | 2023-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. | |||||
| CVE-2022-20698 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2023-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | |||||
| CVE-2021-40394 | 2 Debian, Gerbv Project | 2 Debian Linux, Gerbv | 2023-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-0543 | 3 Canonical, Debian, Redis | 3 Ubuntu Linux, Debian Linux, Redis | 2023-09-29 | 10.0 HIGH | 10.0 CRITICAL |
| It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | |||||
| CVE-2021-43618 | 3 Debian, Gmplib, Netapp | 13 Debian Linux, Gmp, Active Iq Unified Manager and 10 more | 2023-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. | |||||
| CVE-2021-4156 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2023-09-29 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | |||||
| CVE-2018-7998 | 2 Debian, Libvips | 2 Debian Linux, Libvips | 2023-09-29 | 5.1 MEDIUM | 7.5 HIGH |
| In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads. | |||||
| CVE-2020-25654 | 2 Clusterlabs, Debian | 2 Pacemaker, Debian Linux | 2023-09-29 | 9.0 HIGH | 7.2 HIGH |
| An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. | |||||
| CVE-2018-1160 | 3 Debian, Netatalk, Synology | 7 Debian Linux, Netatalk, Diskstation Manager and 4 more | 2023-09-29 | 10.0 HIGH | 9.8 CRITICAL |
| Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. | |||||
| CVE-2019-14814 | 6 Canonical, Debian, Linux and 3 more | 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more | 2023-09-28 | 7.2 HIGH | 7.8 HIGH |
| There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | |||||
| CVE-2022-29599 | 2 Apache, Debian | 2 Maven Shared Utils, Debian Linux | 2023-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | |||||
| CVE-2022-39028 | 4 Debian, Gnu, Mit and 1 more | 4 Debian Linux, Inetutils, Kerberos 5 and 1 more | 2023-09-27 | N/A | 7.5 HIGH |
| telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | |||||
| CVE-2017-1000376 | 4 Debian, Libffi Project, Oracle and 1 more | 6 Debian Linux, Libffi, Peopletools and 3 more | 2023-09-22 | 6.9 MEDIUM | 7.0 HIGH |
| libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. | |||||
| CVE-2021-20316 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Aus and 4 more | 2023-09-17 | N/A | 6.8 MEDIUM |
| A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. | |||||
| CVE-2020-25722 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-09-17 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | |||||
| CVE-2020-25719 | 5 Canonical, Debian, Fedoraproject and 2 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2023-09-17 | 9.0 HIGH | 7.2 HIGH |
| A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. | |||||
| CVE-2020-25717 | 5 Canonical, Debian, Fedoraproject and 2 more | 25 Ubuntu Linux, Debian Linux, Fedora and 22 more | 2023-09-17 | 8.5 HIGH | 8.1 HIGH |
| A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | |||||
| CVE-2016-2124 | 5 Canonical, Debian, Fedoraproject and 2 more | 24 Ubuntu Linux, Debian Linux, Fedora and 21 more | 2023-09-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | |||||
| CVE-2020-36189 | 4 Debian, Fasterxml, Netapp and 1 more | 40 Debian Linux, Jackson-databind, Cloud Backup and 37 more | 2023-09-13 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. | |||||
| CVE-2020-36188 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2023-09-13 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. | |||||