Total
9187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33293 | 2 Debian, Libpano13 Project | 2 Debian Linux, Libpano13 | 2022-05-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c. | |||||
| CVE-2022-0487 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2022-04-30 | 2.1 LOW | 5.5 MEDIUM |
| A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. | |||||
| CVE-2021-21284 | 3 Debian, Docker, Netapp | 3 Debian Linux, Docker, E-series Santricity Os Controller | 2022-04-29 | 2.7 LOW | 6.8 MEDIUM |
| In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. | |||||
| CVE-2020-11494 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2022-04-29 | 2.1 LOW | 4.4 MEDIUM |
| An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. | |||||
| CVE-2020-12284 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2022-04-29 | 10.0 HIGH | 9.8 CRITICAL |
| cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. | |||||
| CVE-2020-12243 | 8 Apple, Broadcom, Canonical and 5 more | 26 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 23 more | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | |||||
| CVE-2020-3812 | 3 Canonical, Debian, Netqmail | 3 Ubuntu Linux, Debian Linux, Netqmail | 2022-04-28 | 2.1 LOW | 5.5 MEDIUM |
| qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first. | |||||
| CVE-2020-3811 | 3 Canonical, Debian, Netqmail | 3 Ubuntu Linux, Debian Linux, Netqmail | 2022-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. | |||||
| CVE-2020-15393 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2022-04-28 | 2.1 LOW | 5.5 MEDIUM |
| In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. | |||||
| CVE-2020-25285 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2022-04-28 | 4.4 MEDIUM | 6.4 MEDIUM |
| A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | |||||
| CVE-2020-25212 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2022-04-28 | 4.4 MEDIUM | 7.0 HIGH |
| A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. | |||||
| CVE-2020-25284 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2022-04-28 | 1.9 LOW | 4.1 MEDIUM |
| The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | |||||
| CVE-2020-25032 | 3 Debian, Flask-cors Project, Opensuse | 4 Debian Linux, Flask-cors, Backports Sle and 1 more | 2022-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. | |||||
| CVE-2020-15683 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. | |||||
| CVE-2020-0423 | 2 Debian, Google | 2 Debian Linux, Android | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A | |||||
| CVE-2020-15673 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2022-04-28 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | |||||
| CVE-2020-6558 | 4 Apple, Debian, Google and 1 more | 5 Iphone Os, Debian Linux, Chrome and 2 more | 2022-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-26870 | 4 Cure53, Debian, Microsoft and 1 more | 5 Dompurify, Debian Linux, Visual Studio 2017 and 2 more | 2022-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | |||||
| CVE-2020-26088 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2022-04-27 | 2.1 LOW | 5.5 MEDIUM |
| A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. | |||||
| CVE-2020-25467 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2022-04-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file. | |||||