Total
6281 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12826 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2021-07-15 | 4.4 MEDIUM | 5.3 MEDIUM |
| A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. | |||||
| CVE-2013-2164 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 2.1 LOW | N/A |
| The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. | |||||
| CVE-2012-1090 | 3 Linux, Redhat, Suse | 5 Linux Kernel, Enterprise Mrg, Linux Enterprise Desktop and 2 more | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. | |||||
| CVE-2015-1350 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 2.1 LOW | 5.5 MEDIUM |
| The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | |||||
| CVE-2017-15128 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG). | |||||
| CVE-2014-3917 | 3 Linux, Redhat, Suse | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2021-07-15 | 3.3 LOW | N/A |
| kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. | |||||
| CVE-2014-3940 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 4.0 MEDIUM | N/A |
| The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c. | |||||
| CVE-2021-29712 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2021-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966. | |||||
| CVE-2019-25049 | 2 Linux, Openbsd | 2 Linux Kernel, Libressl | 2021-07-08 | 5.8 MEDIUM | 7.1 HIGH |
| LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). | |||||
| CVE-2021-36081 | 2 Linux, Tesseract Ocr Project | 2 Linux Kernel, Tesseract Ocr | 2021-07-08 | 6.8 MEDIUM | 7.8 HIGH |
| Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. | |||||
| CVE-2019-25048 | 2 Linux, Openbsd | 2 Linux Kernel, Libressl | 2021-07-08 | 5.8 MEDIUM | 7.1 HIGH |
| LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). | |||||
| CVE-2018-25018 | 2 Linux, Rarlab | 2 Linux Kernel, Unrar | 2021-07-07 | 6.8 MEDIUM | 7.8 HIGH |
| UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. | |||||
| CVE-2017-20006 | 2 Linux, Rarlab | 2 Linux Kernel, Unrar | 2021-07-07 | 6.8 MEDIUM | 7.8 HIGH |
| UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). | |||||
| CVE-2020-36401 | 2 Linux, Mruby | 2 Linux Kernel, Mruby | 2021-07-06 | 6.8 MEDIUM | 7.8 HIGH |
| mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). | |||||
| CVE-2020-36402 | 2 Linux, Soliditylang | 2 Linux Kernel, Solidity | 2021-07-06 | 6.8 MEDIUM | 7.8 HIGH |
| Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change. | |||||
| CVE-2020-36404 | 2 Keystone-engine, Linux | 2 Keystone, Linux Kernel | 2021-07-06 | 6.8 MEDIUM | 7.8 HIGH |
| Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. | |||||
| CVE-2020-36405 | 2 Keystone-engine, Linux | 2 Keystone Engine, Linux Kernel | 2021-07-06 | 6.8 MEDIUM | 7.8 HIGH |
| Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken. | |||||
| CVE-2020-36407 | 2 Aomedia, Linux | 2 Libavif, Linux Kernel | 2021-07-06 | 6.8 MEDIUM | 8.8 HIGH |
| libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. | |||||
| CVE-2021-36089 | 2 Linux, Zope | 2 Linux Kernel, Grok | 2021-07-06 | 6.8 MEDIUM | 7.8 HIGH |
| Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour). | |||||
| CVE-2020-36386 | 1 Linux | 1 Linux Kernel | 2021-07-06 | 5.6 MEDIUM | 7.1 HIGH |
| An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. | |||||