Filtered by vendor Linux
Subscriptions
Filtered by product Linux Kernel
Subscriptions
Total
6949 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31822 | 2 Linux, Octopus | 2 Linux Kernel, Tentacle | 2024-08-03 | 7.8 High |
| When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access. | ||||
| CVE-2021-31820 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 7.5 High |
| In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. | ||||
| CVE-2021-31440 | 3 Linux, Netapp, Redhat | 19 Linux Kernel, Cloud Backup, H300e and 16 more | 2024-08-03 | 7.0 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. | ||||
| CVE-2021-30565 | 3 Fedoraproject, Google, Linux | 4 Fedora, Chrome, Chrome Os and 1 more | 2024-08-03 | 8.8 High |
| Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. | ||||
| CVE-2021-30178 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. | ||||
| CVE-2021-30002 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-03 | 6.2 Medium |
| An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. | ||||
| CVE-2021-29987 | 2 Linux, Mozilla | 3 Linux Kernel, Firefox, Thunderbird | 2024-08-03 | 6.5 Medium |
| After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. | ||||
| CVE-2021-29986 | 3 Linux, Mozilla, Redhat | 6 Linux Kernel, Firefox, Firefox Esr and 3 more | 2024-08-03 | 8.1 High |
| A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | ||||
| CVE-2021-29648 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. | ||||
| CVE-2021-29657 | 1 Linux | 1 Linux Kernel | 2024-08-03 | 7.4 High |
| arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun. | ||||
| CVE-2021-29650 | 4 Debian, Fedoraproject, Linux and 1 more | 5 Debian Linux, Fedora, Linux Kernel and 2 more | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. | ||||
| CVE-2021-29647 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. | ||||
| CVE-2021-29646 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. | ||||
| CVE-2021-29649 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. | ||||
| CVE-2021-29488 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-08-03 | 4.3 Medium |
| SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version. | ||||
| CVE-2021-29264 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. | ||||
| CVE-2021-29266 | 1 Linux | 1 Linux Kernel | 2024-08-03 | 7.8 High |
| An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0. | ||||
| CVE-2021-29155 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. | ||||
| CVE-2021-29265 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-03 | 4.7 Medium |
| An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. | ||||
| CVE-2021-29154 | 5 Debian, Fedoraproject, Linux and 2 more | 22 Debian Linux, Fedora, Linux Kernel and 19 more | 2024-08-03 | 7.8 High |
| BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. | ||||