Filtered by vendor Debian
Subscribe
Total
9332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3999 | 3 Debian, Gnu, Netapp | 15 Debian Linux, Glibc, E-series Performance Analyzer and 12 more | 2023-02-12 | N/A | 7.8 HIGH |
| A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | |||||
| CVE-2021-3772 | 5 Debian, Linux, Netapp and 2 more | 26 Debian Linux, Linux Kernel, E-series Santricity Os Controller and 23 more | 2023-02-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | |||||
| CVE-2021-3864 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2023-02-12 | N/A | 7.0 HIGH |
| A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. | |||||
| CVE-2021-3744 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | |||||
| CVE-2021-3507 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2023-02-12 | 3.6 LOW | 6.1 MEDIUM |
| A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. | |||||
| CVE-2021-3416 | 4 Debian, Fedoraproject, Qemu and 1 more | 4 Debian Linux, Fedora, Qemu and 1 more | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. | |||||
| CVE-2021-3564 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. | |||||
| CVE-2020-25671 | 4 Debian, Fedoraproject, Linux and 1 more | 23 Debian Linux, Fedora, Linux Kernel and 20 more | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. | |||||
| CVE-2020-25672 | 4 Debian, Fedoraproject, Linux and 1 more | 23 Debian Linux, Fedora, Linux Kernel and 20 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | |||||
| CVE-2020-25670 | 4 Debian, Fedoraproject, Linux and 1 more | 23 Debian Linux, Fedora, Linux Kernel and 20 more | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. | |||||
| CVE-2019-3815 | 2 Debian, Redhat | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-02-12 | 2.1 LOW | 3.3 LOW |
| A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. | |||||
| CVE-2019-3874 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-02-12 | 3.3 LOW | 6.5 MEDIUM |
| The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. | |||||
| CVE-2019-3882 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. | |||||
| CVE-2019-3901 | 3 Debian, Linux, Netapp | 11 Debian Linux, Linux Kernel, Active Iq Unified Manager For Vmware Vsphere and 8 more | 2023-02-12 | 1.9 LOW | 4.7 MEDIUM |
| A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. | |||||
| CVE-2019-3846 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2023-02-12 | 8.3 HIGH | 8.8 HIGH |
| A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | |||||
| CVE-2019-14901 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. | |||||
| CVE-2019-14868 | 3 Apple, Debian, Ksh Project | 3 Mac Os X, Debian Linux, Ksh | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
| In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. | |||||
| CVE-2019-14897 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. | |||||
| CVE-2019-14896 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. | |||||
| CVE-2019-14895 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. | |||||