Total
2026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2848 | 8 Canonical, Fedoraproject, Linux and 5 more | 13 Ubuntu Linux, Fedora, Linux Kernel and 10 more | 2020-08-28 | 5.9 MEDIUM | N/A |
| The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. | |||||
| CVE-2013-1813 | 3 Busybox, Redhat, T-mobile | 3 Busybox, Enterprise Linux, Tm-ac1900 | 2020-08-27 | 7.2 HIGH | N/A |
| util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. | |||||
| CVE-2016-6170 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2020-08-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. | |||||
| CVE-2019-19081 | 3 Linux, Opensuse, Redhat | 3 Linux Kernel, Leap, Enterprise Linux | 2020-08-24 | 7.1 HIGH | 5.9 MEDIUM |
| A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a. | |||||
| CVE-2018-17456 | 4 Canonical, Debian, Git-scm and 1 more | 11 Ubuntu Linux, Debian Linux, Git and 8 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. | |||||
| CVE-2019-8324 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Leap, Enterprise Linux and 1 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. | |||||
| CVE-2019-15030 | 4 Canonical, Linux, Opensuse and 1 more | 4 Ubuntu Linux, Linux Kernel, Leap and 1 more | 2020-08-24 | 3.6 LOW | 4.4 MEDIUM |
| In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. | |||||
| CVE-2019-11989 | 3 Hp, Microsoft, Redhat | 5 Hp-ux, Icewall Sso Agent, Mfa Proxy and 2 more | 2020-08-24 | 7.1 HIGH | 5.9 MEDIUM |
| A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, 10.0 for Apache 2.4 on HP-UX 11i v3, 10.0 for IIS on Windows, 11.0 for Apache 2.4 on RHEL 7, MFA Proxy 4.0 (Agent module only) for Apache 2.4 on RHEL 7. | |||||
| CVE-2018-5095 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | |||||
| CVE-2018-1000199 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2020-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. | |||||
| CVE-2012-6655 | 4 Accountsservice Project, Debian, Opensuse and 1 more | 4 Accountsservice, Debian Linux, Opensuse and 1 more | 2020-08-18 | 2.1 LOW | 3.3 LOW |
| An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | |||||
| CVE-2005-4890 | 3 Debian, Redhat, Sudo Project | 4 Debian Linux, Shadow, Enterprise Linux and 1 more | 2020-08-18 | 7.2 HIGH | 7.8 HIGH |
| There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | |||||
| CVE-2015-7810 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2020-08-18 | 3.3 LOW | 4.7 MEDIUM |
| libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | |||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2020-08-18 | 3.6 LOW | 7.1 HIGH |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | |||||
| CVE-2016-1000002 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Gnome Display Manager, Leap and 1 more | 2020-08-18 | 2.1 LOW | 2.4 LOW |
| gdm3 3.14.2 and possibly later has an information leak before screen lock | |||||
| CVE-2012-5521 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2020-08-18 | 3.3 LOW | 6.5 MEDIUM |
| quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal | |||||
| CVE-2011-3630 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2020-08-18 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable. | |||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2020-08-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | |||||
| CVE-2011-3631 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2020-08-18 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges. | |||||
| CVE-2012-5644 | 4 Debian, Fedoraproject, Libuser Project and 1 more | 4 Debian Linux, Fedora, Libuser and 1 more | 2020-08-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| libuser has information disclosure when moving user's home directory | |||||