CVE-2022-0847
CVE-2022-0847 (Dirty Pipe) is a Linux kernel local privilege-escalation flaw in the pipe buffer handling (flags field) where copy_page_to_iter_pipe and push_pipe fail to initialize flags, allowing an unprivileged local user to write to pages cached from read-only files. Public advisories confirm ...
CVE-2023-4911
CVE-2023-4911 is a buffer overflow in the GNU C Library ld.so when processing GLIBC_TUNABLES, enabling local privilege escalation via malicious GLIBC_TUNABLES values when launching binaries with SUID. Affected: glibc, with versions older than 2.38-6 (per CBLMARINER:34733) and older listings notin...
CVE-2021-3560
CVE-2021-3560 – Polkit local privilege escalation: A flaw in polkit allows a local unprivileged process to bypass credential checks for D-Bus requests, enabling privilege escalation to root. Technical details across connected sources show the issue arises when a requesting process disconnects fr...
CVE-2021-44142
The CVE-2021-44142 issue is in the Samba vfs_fruit module. It allows out-of-bounds heap read/write via specially crafted extended file attributes (xattrs) when vfs_fruit is configured on Samba versions older than 4.13.17, 4.14.12, and 4.15.5. A remote attacker with write access to xattrs can exec...
CVE-2021-3621
SSSD is affected by CVE-2021-3621. The sssctl command (logs-fetch and cache-expire) is vulnerable to shell command injection, enabling an attacker to trick root (e.g., via sudo) into running a crafted sssctl command to gain root privileges. Advisories from Astra Linux, Debian LTS, Gentoo and Amaz...
CVE-2019-1559
OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...
CVE-2020-25717
CVE-2020-25717 affects Samba: an authenticated user mapping domain users to local users can lead to privilege escalation. Public references in Connected documents confirm this is a Samba issue (no exploit details provided here). Several advisories and vendor notes indicate patches or updated pack...
CVE-2020-10711
The CVE-2020-10711 entry concerns a NULL pointer dereference in the Linux kernel SELinux subsystem during CIPSO category bitmap import. Affected are kernel versions before 5.7; processing the CIPSO restricted bitmap tag in cipso_v4_parsetag_rbm sets a security attribute indicating the bitmap exi...
CVE-2016-2124
CVE-2016-2124 is a Samba SMB1 authentication flaw. The vulnerability lets an attacker retrieve plaintext passwords sent over the wire, even when Kerberos may be required. Connected sources confirm Samba SMB1 handling is at issue, with advisories across Red Hat, Amazon Linux 2/ALAS, Alpine and Clo...
CVE-2022-0492
CVE-2022-0492 is a Linux kernel local-privilege-escalation flaw in the cgroups v1 release_agent handling (function cgroup_release_agent_write in kernel/cgroup/cgroup-v1.c). The issue arises because releasing the release_agent does not enforce proper capabilities, enabling a local attacker to esca...
CVE-2019-11479
The CVE-2019-11479 family (SACK/MSS issues on the Linux kernel) stems from a hard-coded MSS of 48 bytes, enabling remote DoS via fragmented TCP handling. Public docs list CVE-2019-11477 (SACK Panic), CVE-2019-11478 (SACK Slowness/Excess Resource Usage), and CVE-2019-11479 (Low MSS) with kernel-wi...
CVE-2019-1125
CVE-2019-1125 is a Linux kernel local information-disclosure vulnerability related to SWAPGS speculation (Spectre variant 1). The issue allows a local attacker to read kernel/privileged memory through speculative execution on most x86 processors; mitigation relies on memory barriers to limit spec...
CVE-2018-10858
The connected documents confirm CVE-2018-10858 is a heap-buffer overflow in Samba client handling of extra-long filenames in directory listings, enabling arbitrary code execution on a Samba client. Affected versions include Samba before 4.6.16, 4.7.9, and 4.8.4. Mitigation/patches: updates to fix...
CVE-2019-14821
CVE-2019-14821 is a Linux kernel KVM issue: an out-of-bounds access in the Coalesced MMIO write path can occur if a host user controls the MMIO ring buffer indices (ring->first/ring->last). A local attacker with /dev/kvm access could crash the host kernel or potentially escalate privileges ...
CVE-2019-14835
The CVE-2019-14835 entry describes a buffer overflow in Linux kernel vhost functionality (virtqueue buffers translated to IOVs) during VM live migration. A privileged guest user could pass descriptors with invalid length while migration is underway, potentially causing a host privilege escalation...
CVE-2018-10237
CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...
CVE-2022-1011
CVE-2022-1011: A use-after-free vulnerability in the Linux kernel FUSE implementation when a user triggers write(), enabling local privilege escalation. Affected component is the FUSE filesystem in the kernel; impact is unauthorized access to data from FUSE mounts and potential escalation. Connec...
CVE-2022-0435
CVE-2022-0435 is a Linux kernel TIPC stack overflow issue. The vulnerability occurs in TIPC domain record handling when a peer sends a domain with more than 64 members, enabling a remote attacker with access to the TIPC network to crash the system and potentially escalate privileges. Connected ad...
CVE-2018-1067
The CVE-2018-1067 entry affects Undertow prior to 7.1.2.CR1 and 7.1.2.GA, where the prior fix for CVE-2016-4993 was incomplete. This leaves Undertow vulnerable to injection of arbitrary HTTP headers and HTTP response splitting due to insufficient sanitization and validation when user input is use...
CVE-2021-3752
CVE-2021-3752 is a Linux kernel use-after-free vulnerability in the Bluetooth L2CAP path caused by a race between connect and disconnect. The flaw can allow a local attacker to crash the system or escalate privileges. Connected documents confirm this CVE is discussed in Debian advisories ...
CVE-2022-0330
CVE-2022-0330 affects the Linux kernel i915 GPU driver. The root cause is a missing GPU TLB flush in the i915 driver, enabling a local attacker to cause a denial of service or privilege escalation by running code on the GPU. Public documents from connected sources confirm the flaw and its associa...
CVE-2017-7525
CVE-2017-7525 is a deserialization flaw in jackson-databind enabling code execution via ObjectMapper.readValue on versions before 2.6.7.1, 2.7.9.1, or 2.8.9. Astra Linux notes extend the issue to versions before 2.8.10 and 2.9.1, and newer advisories reference mitigations/updates. Remediation vis...
CVE-2018-1000805
Paramiko (Python Paramiko library) versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 are affected by an Incorrect Access Control vulnerability in the SSH server that can result in remote code execution. The issue allows a malicious client to trick the Paramiko server into treating an una...
CVE-2018-18397
The vulnerability CVE-2018-18397 affects the Linux kernel prior to 4.19.7, where the userfaultfd implementation mishandles access control for certain UFFDIO ioctls (fs/userfaultfd.c and mm/userfaultfd.c). A local attacker with read permissions on a tmpfs file containing holes could write data int...
CVE-2021-3669
CVE-2021-3669 is a Linux kernel vulnerability where measuring shared memory usage does not scale with large shared memory segment counts, enabling resource exhaustion and DoS. Connected sources confirm the issue affects multiple kernel versions and distributions, with remediations following vendo...
CVE-2021-45417
AIDE (Advanced Intrusion Detection Environment) is affected by CVE-2021-45417: before version 0.17.4, a heap-based buffer overflow in the base64 output path can be triggered by crafted file metadata (e.g., XFS extended attributes, tmpfs ACLs), allowing local users to escalate to root. The vulnera...
CVE-2019-10161
Summary: CVE-2019-10161 affects libvirt’s libvirtd server in vulnerable releases prior to 4.10.1 and 5.4.1. The virDomainSaveImageGetXMLDesc() API could be invoked by read-only clients with access to the libvirtd socket, specifying an arbitrary path that would be accessed with the permissions of ...
CVE-2018-5803
CVE-2018-5803 affects the Linux kernel SCTP chunk handling: a length check flaw in _sctp_make_chunk() (net/sctp/sm_make_chunk.c) can trigger a kernel crash/DoS. Affected kernel versions include 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102. Public advisories (Debian, CentOS/Red Hat, Ubunt...
CVE-2021-3656
CVE-2021-3656 describes a flaw in the KVM hypervisor for AMD processors where the L1 guest can provide a VMCB with an improperly validated virt_ext field, allowing the L1 to disable VMLOAD/VMSAVE intercepts and VLS for the L2 guest. This enables the L2 guest to read/write portions of the host’s p...
CVE-2018-1000001
CVE-2018-1000001 affects glibc up to version 2.26; realpath() can underflow a destination buffer when getcwd() returns a relative path, enabling local privilege escalation. Connected advisories confirm the issue and list affected packages (glibc and related). Remediation in documented advisories ...
CVE-2022-0516
CVE-2022-0516 affects the KVM for s390 in the Linux kernel, specifically the arch/s390/kvm/kvm-s390.c function kvm_s390_guest_sida_op. The vulnerability allows a local user with normal privileges to obtain unauthorized memory write access due to an insufficient check in the KVM s390x release_agen...
CVE-2018-1068
CVE-2018-1068 affects the Linux kernel: the 32-bit compatibility layer for ebtables did not sufficiently validate offset values in a 64-bit kernel. A local attacker with CAP_NET_ADMIN (in a namespace) could use this to overwrite kernel memory, potentially leading to privilege escalation. Public a...
CVE-2021-20316
CVE-2021-20316 affects Samba: an authenticated attacker can read or modify share metadata due to a flaw in handling file/directory metadata, potentially enabling operations outside the intended share. Affected Samba versions exist in multiple OS packages; several connected advisories note that a ...
CVE-2019-3888
CVE-2019-3888 describes an information exposure in Undertow prior to 2.0.21 where Connectors.executeRootHandler logs the HttpServerExchange object at ERROR level via UndertowLogger.REQUEST_LOGGER.undertowRequestFailed, potentially exposing plain text credentials in log files. Connected documents ...
CVE-2018-1120
CVE-2018-1120 affects the Linux kernel prior to 4.17. By mmap()ing a FUSE-backed file into a process’s memory that contains command line arguments or environment strings, a local attacker can cause utilities that read /proc/[pid]/cmdline or /proc/[pid]/environ (e.g., ps, w) to block indefinitely or for a b...
CVE-2021-3609
CVE-2021-3609 is a local privilege-escalation flaw in the Linux kernel CAN BCM subsystem. A race in net/can/bcm.c between bcm_rx_handler() and bcm_release() can free bcm_op/bcm_sock structures while the handler runs, enabling use-after-free and root access. Public advisories consistently describe...
CVE-2017-1000410
Summary of CVE-2017-1000410 (Linux kernel info leak): The vulnerability affects Linux kernel 3.3-rc1 and later in how L2CAP ConfigRequest/ConfigResponse are parsed. A stack variable (struct l2cap_conf_efs efs) is declared uninitialized and, depending on parsing flow and input, can be leaked back...
CVE-2018-16881
CVE-2018-16881 affects rsyslog’s imptcp module. An attacker can send a specially crafted TCP message to imptcp, causing the daemon to crash (DoS). Vulnerable in rsyslog versions before 8.27.0; upgrade to 8.27.0+ to remediate. Some advisories (e.g., MiracleLinux AXSA) reference an integer overflow...
CVE-2017-1000407
CVE-2017-1000407 affects the Linux kernel when built with KVM support, where an attacker can flood the diagnostic port 0x80 and trigger a kernel crash. Root cause: improper validation of user-supplied input at the diagnostic port, enabling denial of service via port flooding. Impact per public ad...
CVE-2019-3460
CVE-2019-3460 affects the Linux kernel and is a heap data information leak in multiple locations, including L2CAP_PARSE_CONF_RSP, reported as present in builds before 5.1-rc1. The issue arises from a heap information leak in L2CAP handling; the advisory notes updates to address it in kernel relea...
CVE-2018-10322
CVE-2018-10322 affects the Linux kernel (up to 4.16.3) via the XFS inode verification path: xfs_dinode_verify in fs/xfs/libxfs/xfs_inode_buf.c can trigger an xfs_ilock_attr_map_shared invalid pointer dereference, allowing a local attacker to cause a denial of service. Exploitation status is not d...
CVE-2018-10675
The CVE-2018-10675 issue affects the Linux kernel prior to 4.12.9, where the do_get_mempolicy function in mm/mempolicy.c allows a local attacker to trigger a use-after-free, leading to denial of service and potentially other impact. Affected versions include kernels compiled into Linux-based prod...
CVE-2018-6485
CVE-2018-6485 is an integer overflow in posix_memalign within glibc (memalign implementation) for versions 2.26 and earlier, which could cause a heap area to be too small and lead to heap corruption. The NVD CVSSv3/base score is 9.8 (CRITICAL) with network attack vector, no user interaction. Affe...
CVE-2018-18559
CVE-2018-18559 affects the Linux kernel up to 4.19, caused by a use-after-free in a race between fanout_add from setsockopt and bind on AF_PACKET sockets. The issue stems from an incomplete fix (15fe076...) and a multithreaded sequence where a packet_do_bind unregister action followed by a packet...
CVE-2021-3744
CVE-2021-3744 is a memory-leak DoS in the Linux kernel: the flaw occurs in the ccp_run_aes_gcm_cmd() function (drivers/crypto/ccp/ccp-ops.c), allowing memory consumption-based denial of service. Connected advisories (Astra Linux and Amazon Linux 2 kernel updates) confirm the same root cause and n...
CVE-2023-6535
CVE-2023-6535 affects the Linux kernel NVMe driver. A crafted TCP packet sequence over NVMe over TCP may cause a NULL pointer dereference in the NVMe driver, leading to a kernel panic and denial of service. Connected documents confirm the same vulnerability text and its presence in multiple advis...
CVE-2018-10930
CVE-2018-10930 affects GlusterFS server: an authenticated attacker can misuse RPC gfs3_rename_req to write outside the gluster volume. Affected product variant shown in connected docs is PowerKVM 3.1; remediation provided via updates to GlusterFS (e.g., Red Hat/CentOS advisories and Debian LTS no...
CVE-2018-6927
CVE-2018-6927 concerns the Linux kernel futex_requeue implementation in kernel/futex.c. Multiple connected documents confirm a flaw where triggering a negative wake or requeue value can cause a denial of service via an integer overflow. Affected are kernel versions prior to 4.14.15 (and related u...
CVE-2023-6536
CVE-2023-6536 is a Linux kernel NVMe over TCP issue. The connected documents confirm a NULL pointer dereference in the NVMe target (nvmet_tcp_build_iovec and related paths) that could cause a kernel panic and denial of service. Affected software is the Linux kernel’s NVMe over TCP stack (nvmet_tc...
CVE-2018-10926
CVE-2018-10926 affects GlusterFS: a flaw in RPC handling of gfs3_mknod_req allows an authenticated remote attacker to write files to arbitrary locations via path traversal and execute arbitrary code on the glusterfs server. The issue is addressed in multiple advisories across distributions (e.g.,...