Total
10526 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25704 | 3 Debian, Linux, Starwindsoftware | 6 Debian Linux, Linux Kernel, Command Center and 3 more | 2022-10-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. | |||||
| CVE-2022-3566 | 1 Linux | 1 Linux Kernel | 2022-10-20 | N/A | 7.1 HIGH |
| A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. | |||||
| CVE-2022-1116 | 2 Linux, Netapp | 9 Linux Kernel, H300s, H300s Firmware and 6 more | 2022-10-19 | 7.2 HIGH | 7.8 HIGH |
| Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. | |||||
| CVE-2020-29370 | 2 Linux, Netapp | 10 Linux Kernel, Cloud Backup, H410c and 7 more | 2022-10-19 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. | |||||
| CVE-2022-23770 | 2 Linux, Wisa | 2 Linux Kernel, Smart Wing Cms | 2022-10-19 | N/A | 9.8 CRITICAL |
| This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal. | |||||
| CVE-2020-36322 | 3 Debian, Linux, Starwindsoftware | 3 Debian Linux, Linux Kernel, Starwind Virtual San | 2022-10-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. | |||||
| CVE-2022-0854 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-10-14 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | |||||
| CVE-2022-1734 | 3 Debian, Linux, Netapp | 18 Debian Linux, Linux Kernel, H300e and 15 more | 2022-10-14 | 4.4 MEDIUM | 7.0 HIGH |
| A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | |||||
| CVE-2019-7108 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2022-10-12 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . | |||||
| CVE-2019-7096 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2022-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-9213 | 5 Canonical, Debian, Linux and 2 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2022-10-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. | |||||
| CVE-2022-1011 | 6 Debian, Fedoraproject, Linux and 3 more | 38 Debian Linux, Fedora, Linux Kernel and 35 more | 2022-10-12 | 4.6 MEDIUM | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | |||||
| CVE-2022-41291 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2022-10-09 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699. | |||||
| CVE-2022-22493 | 2 Ibm, Linux | 2 Websphere Automation For Ibm Cloud Pak For Watson Aiops, Linux Kernel | 2022-10-09 | N/A | 8.8 HIGH |
| IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449. | |||||
| CVE-2022-34308 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2022-10-08 | N/A | 5.5 MEDIUM |
| IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. | |||||
| CVE-2020-8834 | 4 Canonical, Ibm, Linux and 1 more | 4 Ubuntu Linux, Power8, Linux Kernel and 1 more | 2022-10-07 | 4.9 MEDIUM | 6.5 MEDIUM |
| KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()") 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm") 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file") | |||||
| CVE-2020-35753 | 3 Linux, Microsoft, Persis | 3 Linux Kernel, Windows, Human Resource Management Portal | 2022-10-07 | 2.6 LOW | 6.1 MEDIUM |
| The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, allows XSS via the SENDER parameter. | |||||
| CVE-2018-13099 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2022-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. | |||||
| CVE-2018-13096 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2022-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image. | |||||
| CVE-2020-29372 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2022-10-06 | 4.7 MEDIUM | 4.7 MEDIUM |
| An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. | |||||