Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4325 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.9 MEDIUM | N/A |
| The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP. | |||||
| CVE-2011-2905 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 6.2 MEDIUM | N/A |
| Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory. | |||||
| CVE-2011-2504 | 1 Xfree86 | 1 X11perf | 2023-02-13 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory. | |||||
| CVE-2016-6835 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length. | |||||
| CVE-2016-4581 | 3 Canonical, Linux, Oracle | 3 Ubuntu Linux, Linux Kernel, Linux | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. | |||||
| CVE-2016-4470 | 4 Linux, Novell, Oracle and 1 more | 14 Linux Kernel, Suse Linux Enterprise Real Time Extension, Linux and 11 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. | |||||
| CVE-2016-0758 | 3 Canonical, Linux, Redhat | 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. | |||||
| CVE-2016-0728 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Android and 2 more | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
| The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. | |||||
| CVE-2015-0267 | 1 Redhat | 1 Kexec-tools | 2023-02-12 | 3.6 LOW | N/A |
| The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2022-43665 | 1 Estsoft | 1 Alyac | 2023-02-10 | N/A | 5.5 MEDIUM |
| A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-48023 | 1 Zammad | 1 Zammad | 2023-02-09 | N/A | 4.3 MEDIUM |
| Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. | |||||
| CVE-2021-39653 | 1 Google | 1 Android | 2023-02-03 | 4.6 MEDIUM | 7.8 HIGH |
| In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193443223References: N/A | |||||
| CVE-2021-44776 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2023-02-03 | N/A | 5.3 MEDIUM |
| A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
| CVE-2023-22405 | 1 Juniper | 15 Ex4600, Ex4600-vc, Ex4650 and 12 more | 2023-02-03 | N/A | 6.5 MEDIUM |
| An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with "service-provider/SP style" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on. | |||||
| CVE-2021-26733 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2023-02-03 | N/A | 7.5 HIGH |
| A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
| CVE-2020-15653 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2023-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | |||||
| CVE-2019-10153 | 2 Clusterlabs, Redhat | 4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more | 2023-02-02 | 4.0 MEDIUM | 5.0 MEDIUM |
| A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member. | |||||
| CVE-2022-38715 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 8.8 HIGH |
| A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3891 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2023-02-02 | 2.1 LOW | 4.6 MEDIUM |
| An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability. | |||||
| CVE-2019-6545 | 1 Aveva | 2 Indusoft Web Studio, Intouch Machine Edition 2014 | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine. | |||||