Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-1380 | A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. Published: March 27, 2023; 5:15:10 PM -0400 | V3.1: 7.1 HIGH V2.0: (not available) |
CVE-2022-40617 | strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. Published: October 31, 2022; 2:15:09 AM -0400 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2022-41222 | mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. Published: September 21, 2022; 4:15:09 AM -0400 | V3.1: 7.0 HIGH V2.0: (not available) |
CVE-2022-39177 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. Published: September 02, 2022; 12:15:11 AM -0400 | V3.1: 8.8 HIGH V2.0: (not available) |
CVE-2022-39176 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. Published: September 02, 2022; 12:15:11 AM -0400 | V3.1: 8.8 HIGH V2.0: (not available) |
CVE-2022-1184 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. Published: August 29, 2022; 11:15:10 AM -0400 | V3.1: 5.5 MEDIUM V2.0: (not available) |
CVE-2022-34918 | An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. Published: July 04, 2022; 5:15:07 PM -0400 | V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-29581 | Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. Published: May 17, 2022; 1:15:08 PM -0400 | V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-1055 | A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5. Published: March 29, 2022; 11:15:08 AM -0400 | V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-3748 | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. Published: March 23, 2022; 4:15:09 PM -0400 | V3.1: 7.5 HIGH V2.0: 6.9 MEDIUM |
CVE-2021-3737 | A flaw was found in Python. An improperly handled HTTP response in the HTTP client code of Python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. Published: March 04, 2022; 2:15:08 PM -0500 | V3.1: 7.5 HIGH V2.0: 7.1 HIGH |
CVE-2021-3640 | A use-after-free flaw was found in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem, in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call sco_conn_del() and the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. Published: March 03, 2022; 6:15:08 PM -0500 | V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2022-0492 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Published: March 03, 2022; 2:15:08 PM -0500 | V3.1: 7.8 HIGH V2.0: 6.9 MEDIUM |
CVE-2021-4115 | There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned. Published: February 21, 2022; 5:15:07 PM -0500 | V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-44142 | The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. Published: February 21, 2022; 10:15:07 AM -0500 | V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2022-0543 | It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. Published: February 18, 2022; 3:15:17 PM -0500 | V3.1: 10.0 CRITICAL V2.0: 10.0 HIGH |
CVE-2021-4093 | A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario. Published: February 18, 2022; 1:15:10 PM -0500 | V3.1: 8.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-25722 | Multiple flaws were found in the way Samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. Published: February 18, 2022; 1:15:08 PM -0500 | V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2020-25719 | A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. Published: February 18, 2022; 1:15:08 PM -0500 | V3.1: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2020-25717 | A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Published: February 18, 2022; 1:15:08 PM -0500 | V3.1: 8.1 HIGH V2.0: 8.5 HIGH |