CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6621 matches found

Prion•added 2022/01/06 6:15 p.m.•33 views

Design/Logic Flaw

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

2.1CVSS6.5AI score0.00332EPSS

Exploits0References5Affected Software2

UbuntuCve•added 2022/01/06 6:15 p.m.•58 views

CVE-2021-28714

6.5CVSS6.7AI score0.00325EPSS

Exploits0References8

Prion•added 2022/01/06 6:15 p.m.•23 views

Design/Logic Flaw

2.1CVSS6.5AI score0.00332EPSS

Exploits0References5Affected Software2

OSV•added 2022/01/06 6:15 p.m.•1 views

UBUNTU-CVE-2021-28715

6.5CVSS6.6AI score0.00332EPSS

Exploits0References9

Cvelist•added 2022/01/06 5:6 p.m.•33 views

CVE-2021-28715

7.2AI score0.00332EPSS

Exploits0References5

CVE•added 2022/01/06 5:6 p.m.•245 views

CVE-2021-28715

CVE-2021-28715 concerns the Linux kernel netback driver in Xen guests. The Xen netback path buffers incoming guest data until the guest processes it, and although there are safeguards to limit buffering, an attacker running in a guest can bypass them. Specifically, when using UDP on a fast interf...

6.5CVSS6.6AI score0.00332EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2022/01/06 5:6 p.m.•6 views

CVE-2021-28715

6.8AI score0.00332EPSS

Exploits0References5

Debian CVE•added 2022/01/06 5:6 p.m.•50 views

CVE-2021-28714

6.5CVSS6.9AI score0.00325EPSS

Exploits0

CNNVD•added 2022/01/06 12:0 a.m.•4 views

OpenBSD 信息泄露漏洞

OpenBSD is a cross-platform, BSD-based UNIX-like operating system from the Canadian OpenBSD project team. OpenBSD suffers from an information disclosure vulnerability that stems from an error in the implementation of multicast routing in the OpenBSD kernel. A local user can run a specially crafte...

3.3CVSS4.9AI score0.00248EPSS

Exploits0References3

Gitee•added 2021/12/31 1:16 p.m.•7 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Sophos Hitmanpro

引用这篇文章的目的是介绍一种基于内核态内存的越界写入通用利用技术和相关工具复现. toc 简介笔者的在原作者池风水利用工具以下简称工具基础上进行二次开发,新增了全自动获取内核调试模块符号的偏移量及配置参数和不同漏洞利用方式优化等功能, 解决了不同Windows版本适配问题,工具包括适配驱动和利用程序两部分组成,实现了在Windows 10 19H1之后任意版本包括满补丁系统上的稳定利用. 自Windows 10 19H1开始，用户层段堆（Segment Heap）结构后端逻辑被用于内核层，主要分为低碎片化堆Low-fragmentation Heap与VS堆Variable Size...

9.3CVSS7.9AI score0.20268EPSS

Exploits9

Positive Technologies•added 2021/12/31 12:0 a.m.•7 views

PT-2021-8042 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17-rc1 Description: The issue is related to an information leak flaw in the Linux kernel's TIPC protocol subsystem. This flaw occurs due to uninitialized memory when a user sends a TIPC datagram to one or more...

9.8CVSS7.1AI score0.67994EPSS

Exploits201References905

Veracode•added 2021/12/28 10:8 a.m.•43 views

Privilege Escalation

linux-azure:hirsute is vulnerable to privilege escalation. aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c allows an attacker to access the Aspeed LPC control interface and to overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a...

7.8CVSS7.8AI score0.00358EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2021/12/22 12:0 a.m.•4 views

PT-2021-7224 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD affected versions not specified Description: The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode, a...

9.8CVSS7.7AI score0.0362EPSS

Exploits0References22

Mageia•added 2021/12/21 11:27 p.m.•67 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially...

7.8CVSS3AI score0.00513EPSS

Exploits3References5

CNNVD•added 2021/12/20 12:0 a.m.•4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. kernel is one of the kernel-based virtual machines. a security vulnerability exists in Linux kernel, which stems from the fact that guest users can force the Linux netback driver to consume large amounts...

6.5CVSS6.2AI score0.00332EPSS

Exploits0References22

OSV•added 2021/12/15 7:15 p.m.•1 views

DEBIAN-CVE-2021-39648

In gadgetdevdescUDCshow of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

4.1CVSS6.6AI score0.00161EPSS

Exploits0References1

OSV•added 2021/12/15 7:15 p.m.•5 views

CVE-2021-39648

4.1CVSS5.2AI score

Exploits0References2

Prion•added 2021/12/15 7:15 p.m.•20 views

Information disclosure

In quotaprocwrite of xtquota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

2.1CVSS4.2AI score0.00146EPSS

Exploits0References1

UbuntuCve•added 2021/12/15 7:15 p.m.•20 views

CVE-2021-0961

4.4CVSS6.1AI score0.00146EPSS

Exploits0References5

OSV•added 2021/12/15 7:15 p.m.•2 views

UBUNTU-CVE-2021-39648

4.1CVSS6.8AI score0.00161EPSS

Exploits0References5

Rows per page