Total
1910 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11800 | 3 Debian, Opensuse, Zabbix | 4 Debian Linux, Backports Sle, Leap and 1 more | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-8647 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2021-12-30 | 3.6 LOW | 6.1 MEDIUM |
| There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | |||||
| CVE-2020-8649 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2021-12-30 | 3.6 LOW | 5.9 MEDIUM |
| There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | |||||
| CVE-2020-8631 | 3 Canonical, Debian, Opensuse | 3 Cloud-init, Debian Linux, Leap | 2021-12-22 | 2.1 LOW | 5.5 MEDIUM |
| cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. | |||||
| CVE-2020-3867 | 3 Apple, Opensuse, Webkitgtk | 8 Icloud, Ipados, Iphone Os and 5 more | 2021-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2020-10135 | 2 Bluetooth, Opensuse | 2 Bluetooth Core, Leap | 2021-12-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. | |||||
| CVE-2018-10907 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2021-12-16 | 6.5 MEDIUM | 8.8 HIGH |
| It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. | |||||
| CVE-2016-0747 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2021-12-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. | |||||
| CVE-2016-0746 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2021-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. | |||||
| CVE-2016-0742 | 6 Apple, Canonical, Debian and 3 more | 6 Xcode, Ubuntu Linux, Debian Linux and 3 more | 2021-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. | |||||
| CVE-2018-10930 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2021-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. | |||||
| CVE-2019-8906 | 4 Apple, Canonical, File Project and 1 more | 7 Iphone Os, Mac Os X, Tvos and 4 more | 2021-12-09 | 3.6 LOW | 4.4 MEDIUM |
| do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | |||||
| CVE-2019-8905 | 4 Canonical, Debian, File Project and 1 more | 4 Ubuntu Linux, Debian Linux, File and 1 more | 2021-12-09 | 3.6 LOW | 4.4 MEDIUM |
| do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | |||||
| CVE-2020-2659 | 6 Canonical, Debian, Netapp and 3 more | 23 Ubuntu Linux, Debian Linux, Active Iq Unified Manager and 20 more | 2021-12-06 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2019-7164 | 5 Debian, Opensuse, Oracle and 2 more | 9 Debian Linux, Backports Sle, Leap and 6 more | 2021-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | |||||
| CVE-2020-3868 | 2 Apple, Opensuse | 7 Icloud, Ipados, Iphone Os and 4 more | 2021-12-01 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-3865 | 2 Apple, Opensuse | 7 Icloud, Ipados, Iphone Os and 4 more | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-3862 | 2 Apple, Opensuse | 7 Icloud, Ipados, Iphone Os and 4 more | 2021-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. | |||||
| CVE-2018-18520 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2021-11-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. | |||||
| CVE-2018-18310 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2021-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. | |||||