U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 3,629 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2020-36406

uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll).

Published: June 30, 2021; 11:15:08 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36405

Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.

Published: June 30, 2021; 11:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36404

Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl.

Published: June 30, 2021; 11:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36403

HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).

Published: June 30, 2021; 11:15:07 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36402

Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change.

Published: June 30, 2021; 11:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36401

mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).

Published: June 30, 2021; 11:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-25049

LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).

Published: June 30, 2021; 11:15:07 PM -0400
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2019-25048

LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).

Published: June 30, 2021; 11:15:07 PM -0400
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2018-25018

UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.

Published: June 30, 2021; 11:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-20006

UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).

Published: June 30, 2021; 11:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-20490

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.

Published: June 29, 2021; 12:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-29777

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031.

Published: June 24, 2021; 3:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-29703

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.

Published: June 24, 2021; 3:15:08 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-20579

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283.

Published: June 24, 2021; 3:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 3.5 LOW
CVE-2020-4945

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945.

Published: June 24, 2021; 3:15:08 PM -0400
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2020-4885

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909.

Published: June 24, 2021; 3:15:08 PM -0400
V3.1: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2020-28097

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.

Published: June 24, 2021; 8:15:07 AM -0400
V3.1: 5.9 MEDIUM
V2.0: 3.6 LOW
CVE-2021-33624

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.

Published: June 23, 2021; 12:15:07 PM -0400
V3.1: 4.7 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2021-32078

An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.

Published: June 17, 2021; 11:15:07 AM -0400
V3.1: 7.1 HIGH
V2.0: 6.6 MEDIUM
CVE-2021-29702

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.

Published: June 16, 2021; 1:15:07 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM