42 matches found
CVE-2022-0847
CVE-2022-0847 (Dirty Pipe) is a Linux kernel local privilege-escalation flaw in the pipe buffer handling (flags field) where copy_page_to_iter_pipe and push_pipe fail to initialize flags, allowing an unprivileged local user to write to pages cached from read-only files. Public advisories confirm ...
CVE-2023-4911
CVE-2023-4911 is a buffer overflow in the GNU C Library ld.so when processing GLIBC_TUNABLES, enabling local privilege escalation via malicious GLIBC_TUNABLES values when launching binaries with SUID. Affected: glibc, with versions older than 2.38-6 (per CBLMARINER:34733) and older listings notin...
CVE-2019-8720
CVE-2019-8720 is a WebKit-based memory-corruption vulnerability affecting WebKitGTK/WebKit2GTK components. Public sources in the Connected Documents identify arbitrary-code-execution potential when processing malicious web content (WebKitGTK/WebKit2GTK). Debian’s security advisory lists CVE-2019-...
CVE-2021-44142
The CVE-2021-44142 issue is in the Samba vfs_fruit module. It allows out-of-bounds heap read/write via specially crafted extended file attributes (xattrs) when vfs_fruit is configured on Samba versions older than 4.13.17, 4.14.12, and 4.15.5. A remote attacker with write access to xattrs can exec...
CVE-2021-3737
CVE-2021-3737 is a vulnerability in Python’s HTTP client where an improperly handled HTTP response from a server could cause the client script to enter an infinite loop, leading to CPU-based DoS and affecting availability. The issue is documented across multiple advisories and packages (e.g., Pyt...
CVE-2020-25717
CVE-2020-25717 affects Samba: an authenticated user mapping domain users to local users can lead to privilege escalation. Public references in Connected documents confirm this is a Samba issue (no exploit details provided here). Several advisories and vendor notes indicate patches or updated pack...
CVE-2021-3733
CVE-2021-3733 describes a Regular Expression Denial of Service (ReDoS) in urllib’s AbstractBasicAuthHandler. An attacker who controls a malicious HTTP server that a client connects to can trigger a ReDoS during an authentication request with a crafted payload, potentially affecting availability o...
CVE-2022-0492
CVE-2022-0492 is a Linux kernel local-privilege-escalation flaw in the cgroups v1 release_agent handling (function cgroup_release_agent_write in kernel/cgroup/cgroup-v1.c). The issue arises because releasing the release_agent does not enforce proper capabilities, enabling a local attacker to esca...
CVE-2016-2124
CVE-2016-2124 is a Samba SMB1 authentication flaw. The vulnerability lets an attacker retrieve plaintext passwords sent over the wire, even when Kerberos may be required. Connected sources confirm Samba SMB1 handling is at issue, with advisories across Red Hat, Amazon Linux 2/ALAS, Alpine and Clo...
CVE-2019-11135
CVE-2019-11135 is a TSX Transactional Synchronization Extensions-related vulnerability in Intel CPUs causing potential information disclosure via a side channel when TSX Acknowledges an abort. The connected documents describe a subsequent issue (CVE-2019-19338) in the fix path for CVE-2019-11135 ...
CVE-2022-1011
CVE-2022-1011: A use-after-free vulnerability in the Linux kernel FUSE implementation when a user triggers write(), enabling local privilege escalation. Affected component is the FUSE filesystem in the kernel; impact is unauthorized access to data from FUSE mounts and potential escalation. Connec...
CVE-2022-0435
CVE-2022-0435 is a Linux kernel TIPc stack overflow issue. The vulnerability occurs in TIPc domain record handling when a peer sends a domain with more than 64 members, enabling a remote attacker with access to the TIPc network to crash the system and potentially escalate privileges. Connected ad...
CVE-2022-0330
CVE-2022-0330 affects the Linux kernel i915 GPU driver. The root cause is a missing GPU TLB flush in the i915 driver, enabling a local attacker to cause a denial of service or privilege escalation by running code on the GPU. Public documents from connected sources confirm the flaw and its associa...
CVE-2021-3669
CVE-2021-3669 is a Linux kernel vulnerability where measuring shared memory usage does not scale with large shared memory segment counts, enabling resource exhaustion and DoS. Connected sources confirm the issue affects multiple kernel versions and distributions, with remediations following vendo...
CVE-2021-3656
CVE-2021-3656 describes a flaw in the KVM hypervisor for AMD processors where the L1 guest can provide a VMCB with an improperly validated virt_ext field, allowing the L1 to disable VMLOAD/VMSAVE intercepts and VLS for the L2 guest. This enables the L2 guest to read/write portions of the host’s p...
CVE-2022-0516
CVE-2022-0516 affects the KVM for s390 in the Linux kernel, specifically the arch/s390/kvm/kvm-s390.c function kvm_s390_guest_sida_op. The vulnerability allows a local user with normal privileges to obtain unauthorized memory write access due to an insufficient check in the KVM s390x release_agen...
CVE-2021-23177
CVE-2021-23177 concerns an improper link resolution flaw in libarchive when extracting archives. A crafted archive could trigger changes to the ACL of the link target, potentially allowing a local attacker to modify file ACLs and gain higher privileges. The vulnerability is described across multi...
CVE-2019-3459
The CVE-2019-3459 entry concerns a heap address information leak in the Linux kernel, occurring before version 5.1-rc1 when using the L2CAP_GET_CONF_OPT path. Affected software is the Linux kernel (pre-5.1-rc1); the underlying issue is an information exposure vulnerability in this Bluetooth-relat...
CVE-2019-3460
CVE-2019-3460 affects the Linux kernel and is a heap data information leak in multiple locations, including L2CAP_PARSE_CONF_RSP, reported as present in builds before 5.1-rc1. The issue arises from a heap information leak in L2CAP handling; the advisory notes updates to address it in kernel relea...
CVE-2023-5455
CVE-2023-5455 is a Cross-Site Request Forgery vulnerability in FreeIPA’s ipa/session/login_password path, enabling an attacker to trick a logged-in user into submitting actions with the user’s rights. The initial description notes that CSRF protection is missing on certain HTTP endpoints, and tha...
CVE-2021-3744
CVE-2021-3744 is a memory-leak DoS in the Linux kernel: the flaw occurs in the ccp_run_aes_gcm_cmd() function (drivers/crypto/ccp/ccp-ops.c), allowing memory consumption-based denial of service. Connected advisories (Astra Linux and Amazon Linux 2 kernel updates) confirm the same root cause and n...
CVE-2024-1488
CVE-2024-1488 affects Unbound where the default permissions allow a local attacker outside the unbound group to alter the running resolver via localhost:8953. The impact can include changing forwarders, monitoring queries, or disrupting resolution. Remediation guidance appears in the MiracleLinux...
CVE-2024-0193
CVE-2024-0193 is a Linux kernel netfilter NFT_TABLES use-after-free flaw. The issue arises when the catchall element is garbage-collected during removal of the pipapo set, enabling double deactivation of the element and a use-after-free on NFT_CHAIN or NFT_OBJECT. This could allow a local unprivi...
CVE-2023-0179
CVE-2023-0179 is a Linux kernel Netfilter vulnerability involving a buffer overflow in the NFT payload path that could leak stack/heap addresses and enable local privilege escalation via arbitrary code execution. Connected advisories confirm a fix in the Linux kernel: Astra Linux describes correc...
CVE-2023-5633
CVE-2023-5633 is documented in an IBM QRadar SIEM bulletin as a Linux Kernel use-after-free vulnerability: a memory-management flaw in handling memory objects for GEM objects can allow a local, authenticated attacker to gain elevated privileges within a VM with 3D acceleration (VMware guest). The...
CVE-2021-31566
CVE-2021-31566 affects the libarchive library and is documented across multiple advisories. The flaw is an improper link resolution during archive extraction that can change file modes, times, ACLs and flags of files outside the archive, potentially enabling a local privilege escalation. Connecte...
CVE-2021-20257
CVE-2021-20257 concerns QEMU’s e1000 NIC emulator. The issue is an infinite loop in process_tx_desc when tx descriptor fields are invalid, allowing a guest to exhaust host CPU and cause DoS. Connected advisories confirm this affects QEMU and related builds (e.g., Debian LTS, Red Hat/AL2, Astra Li...
CVE-2021-3930
CVE-2021-3930 concerns an off-by-one error in the SCSI device emulation of QEMU during MODE SELECT handling in mode_sense_page() when page is MODE_PAGE_ALLS (0x3f). The vulnerability can allow a malicious guest to crash QEMU, causing a denial of service. Affected software is QEMU (various release...
CVE-2023-4732
The CVE-2023-4732 issue affects the Linux Kernel memory management path, specifically pfn_swap_entry_to_page in the page table handling. It states that a local user could trigger a denial of service by exploiting a BUG referencing pmd_t x, leading to a DoS condition. The root cause is described a...
CVE-2021-3659
CVE-2021-3659 is a local NULL pointer dereference in the Linux kernel’s IEEE 802.15.4 LR-WPAN subsystem. The specific code path cited in connected sources is a NULL pointer dereference in llsec_key_alloc() within net/mac802154/llsec.c, which can be triggered during LR-WPAN connection closure and ...
CVE-2023-4641
Affects shadow-utils. The flaw occurs when changing a password: shadow-utils asks for the password twice, and if the second attempt fails, it does not properly clean the buffer, potentially allowing an attacker with sufficient access to retrieve the previous password from memory. Multiple advisor...
CVE-2020-27842
CVE-2020-27842 affects the OpenJPEG2 library, specifically the t2 encoder. A crafted input to OpenJPEG prior to version 2.4.0 can trigger a null pointer dereference, with the highest impact being a denial of service through reduced availability. Connected advisories confirm OpenJPEG vulnerabiliti...
CVE-2021-3695
CVE-2021-3695 affects grub2. A crafted 16-bit grayscale PNG image can cause an out-of-bounds write in grub2 heap, leading to heap data corruption and potentially arbitrary code execution, bypassing secure boot protections. The vulnerability requires heap-layout triage and the written values are r...
CVE-2023-3758
CVE-2023-3758 affects the System Security Services Daemon (SSSD). A race condition causes GPO policy to be inconsistently applied for authenticated users, leading to improper authorization (granting or denying access). Publicly referenced advisories confirm this issue across multiple distribution...
CVE-2025-2784
CVE-2025-2784 affects the libsoup library (GNOME HTTP client/server). A heap buffer over-read/over-run vulnerability is reported in the content sniffing path, notably in skip_insignificant_space (and related sniffing functions), allowing an out-of-bounds read on crafted responses. Connected advis...
CVE-2023-4042
Ghostscript is the affected component. CVE-2023-4042 denotes an incomplete fix for CVE-2020-16305 in Ghostscript as shipped with Red Hat Enterprise Linux 8, with Red Hat advisories noting the fix was not included as claimed. Published connections from AlmaLinux and Amazon Linux advisories frame C...
CVE-2021-3697
CVE-2021-3697 is a grub2 JPEG handling vulnerability where crafting a JPEG image may cause a heap underflow in the JPEG reader, enabling data corruption and potentially code execution or secure-boot circumvention. It affects grub2 versions prior to the fixed release (notably legacy references to ...
CVE-2021-3975
CVE-2021-3975 is a use-after-free in libvirt affecting the qemuMonitorUnregister path inside qemuProcessHandleMonitorEOF. It can be triggered by the virConnectGetAllDomainStats API during guest shutdown, allowing an unprivileged read-only client to crash the libvirt daemon and cause a denial of s...
CVE-2021-3696
CVE-2021-3696 = heap out-of-bounds write during Huffman table handling in grub2’s PNG reader, causing potential heap corruption. Affected: grub2 before patch grub-2.12; implications listed as Low/Low/Low in some sources, with potential for data corruption and, in theory, arbitrary code execution ...
CVE-2020-14301
CVE-2020-14301 is an information-disclosure in libvirt prior to 6.3.0 where HTTP cookies used to access network-based disks were saved in a guest domain’s dumpxml XML, enabling access to sensitive domain configuration data. Affected: libvirt
CVE-2025-3155
CVE-2025-3155 is a documented flaw in Yelp (GNOME Help) where help documents can execute arbitrary scripts, enabling potential exfiltration of user files. The connected advisories corroborate that this affects the Yelp/Yelp-xsl components across multiple distributions (e.g., Debian, Red Hat-deriv...
CVE-2025-13601
CVE-2025-13601 affects GLib’s g_escape_uri_string() where an integer overflow in buffer size calculation can cause a heap-based overflow when escaping strings with many invalid characters. Consequences are described as potential write past the end of the allocated buffer, leading to memory corrup...