Lucene search
K

10863 matches found

Prion
Prion
added 2021/03/24 8:15 p.m.19 views

Security feature bypass

A vulnerability in a diagnostic command for the Plug-and-Play PnP subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user level 15 on an affected device. The vulnerability is due to insufficient protection of...

6.9CVSS7.7AI score0.00241EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/03/24 8:6 p.m.65 views

CVE-2021-1442

CVE-2021-1442 describes a privilege-escalation in Cisco IOS XE’s Plug-and-Play (PnP) subsystem. An authenticated, local attacker can exploit the diagnostic CLI (show pnp profile) on a device with a specific PnP listener enabled to obtain a privileged authentication token and execute privileged co...

7.8CVSS7.3AI score0.00241EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.6 views

Cisco IOS XE Software 日志信息泄露漏洞

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An elevation of privilege vulnerability exists in the diagnostic command of the Plug and Play PnP subsystem of Cisco IOS XE. The vulnerability stems from inadequate protection of...

7.8CVSS7.1AI score0.00241EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/03/24 12:0 a.m.58 views

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mwifiexcmd80211adhocstart in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to...

8.8CVSS7.9AI score0.07693EPSS
Exploits18References23
OSV
OSV
added 2021/03/23 9:57 p.m.3 views

USN-4887-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.3, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-kvm, linux-oem-5.10, linux-oem-5.6, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-raspi2-5.3 vulnerabilities

De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information kernel memory or possibly execute arbitrary code...

7.8CVSS7.1AI score0.02079EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2021/03/23 12:0 a.m.51 views

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4751-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4751-1 advisory. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive...

8.8CVSS7AI score0.01129EPSS
Exploits10References19
Tenable Nessus
Tenable Nessus
added 2021/03/23 12:0 a.m.73 views

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4750-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4750-1 advisory. Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cau...

8.8CVSS6.9AI score0.01129EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2021/03/23 12:0 a.m.60 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4748-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4748-1 advisory. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use...

7.8CVSS7.3AI score0.01129EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2021/03/23 12:0 a.m.84 views

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4752-1 advisory. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure- connections pairing authentication in the...

7.8CVSS8.2AI score0.03292EPSS
Exploits13References21
Oracle linux
Oracle linux
added 2021/03/19 12:0 a.m.188 views

ipa security and bug fix update

4.6.8-5.0.1 - Blank out header-logo.png product-name.png - Replace login-screen-logo.png Orabug: 20362818 4.6.8-5.el79.4 - Resolves: 1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing - wgi/plugins.py: ignore empty plugin directories - Resolves: 1895197...

6.9CVSS7.4AI score0.8383EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2021/03/18 12:0 a.m.158 views

CentOS 7 : kernel (RHSA-2021:0856)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0856 advisory. - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID...

8.1CVSS7.1AI score0.06692EPSS
Exploits6References12
Tenable Nessus
Tenable Nessus
added 2021/03/17 12:0 a.m.49 views

RHEL 7 : kernel-rt (RHSA-2021:0857)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0857 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

8.1CVSS7.3AI score0.06692EPSS
Exploits6References24
Tenable Nessus
Tenable Nessus
added 2021/03/17 12:0 a.m.110 views

RHEL 7 : kernel (RHSA-2021:0856)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0856 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Local buffer overflow in...

8.1CVSS7.2AI score0.06692EPSS
Exploits6References26
RedhatCVE
RedhatCVE
added 2021/03/16 6:2 p.m.25 views

CVE-2020-27225

It was found that the Eclipse Platform does not authenticate requests to the Help subsystem on the local web server. A local attacker could use this vulnerability to disrupt the Eclipse user's session, potentially causing Eclipse to damage or disclose data owned by that user...

7.8CVSS1.9AI score0.00336EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2021/03/16 3:14 p.m.2 views

kernel: performance counters race condition use-after-free

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integri...

7.8CVSS6.8AI score0.00302EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 3:14 p.m.3 views

kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free

A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/ttyjobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.7AI score0.01129EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2021/03/16 2:5 p.m.5 views

kernel: out-of-bounds reads in pinctrl subsystem.

A flaw was found in the Linux pinctrl system. It is possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed...

5.5CVSS6.9AI score0.00492EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 2:5 p.m.3 views

kernel: performance counters race condition use-after-free

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integri...

7.8CVSS6.8AI score0.00302EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 2:5 p.m.9 views

kernel: use-after-free in read in vt_do_kdgkb_ioctl

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality...

4.1CVSS6.7AI score0.00434EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2021/03/16 2:5 p.m.5 views

kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free

A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/ttyjobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.7AI score0.01129EPSS
Exploits2References4
Rows per page
Query Builder