Total
242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35001 | 4 Debian, Fedoraproject, Linux and 1 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-01-11 | N/A | 7.8 HIGH |
| Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace | |||||
| CVE-2023-3212 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2024-01-11 | N/A | 4.4 MEDIUM |
| A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. | |||||
| CVE-2023-45862 | 2 Linux, Netapp | 4 Linux Kernel, Active Iq Unified Manager, H410c and 1 more | 2024-01-08 | N/A | 5.5 MEDIUM |
| An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. | |||||
| CVE-2022-24122 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2023-12-28 | 6.9 MEDIUM | 7.8 HIGH |
| kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. | |||||
| CVE-2022-48502 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2023-12-15 | N/A | 7.1 HIGH |
| An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c. | |||||
| CVE-2019-14835 | 8 Canonical, Debian, Fedoraproject and 5 more | 44 Ubuntu Linux, Debian Linux, Fedora and 41 more | 2023-12-15 | 7.2 HIGH | 7.8 HIGH |
| A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. | |||||
| CVE-2023-1380 | 5 Canonical, Debian, Linux and 2 more | 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more | 2023-12-08 | N/A | 7.1 HIGH |
| A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. | |||||
| CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 30 Ubuntu Linux, Debian Linux, Fedora and 27 more | 2023-12-07 | 6.9 MEDIUM | 7.8 HIGH |
| A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | |||||
| CVE-2023-32248 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2023-12-04 | N/A | 7.5 HIGH |
| A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. | |||||
| CVE-2023-35826 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2023-12-04 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. | |||||
| CVE-2023-1295 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2023-12-04 | N/A | 7.0 HIGH |
| A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93. | |||||
| CVE-2021-3743 | 4 Fedoraproject, Linux, Netapp and 1 more | 21 Fedora, Linux Kernel, H300e and 18 more | 2023-11-09 | 3.6 LOW | 7.1 HIGH |
| An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2019-15213 | 3 Linux, Netapp, Opensuse | 8 Linux Kernel, Active Iq Unified Manager, Data Availability Services and 5 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. | |||||
| CVE-2021-3760 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2023-11-09 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. | |||||
| CVE-2021-25220 | 5 Fedoraproject, Isc, Juniper and 2 more | 48 Fedora, Bind, Junos and 45 more | 2023-11-09 | 4.0 MEDIUM | 6.8 MEDIUM |
| BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. | |||||
| CVE-2021-3739 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2023-11-09 | 3.6 LOW | 7.1 HIGH |
| A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2019-15219 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. | |||||
| CVE-2020-36516 | 2 Linux, Netapp | 29 Linux Kernel, Bootstrap Os, Cloud Volumes Ontap Mediator and 26 more | 2023-11-09 | 4.9 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | |||||
| CVE-2019-15217 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. | |||||
| CVE-2019-15223 | 3 Canonical, Linux, Netapp | 8 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 5 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver. | |||||