23 matches found
CVE-2021-41617
CVE-2021-41617 affects OpenSSH sshd (versions 6.2–8.x prior to 8.8) where certain non-default configurations allow local privilege escalation because supplemental groups are not initialized as expected when AuthorizedKeysCommand/AuthorizedPrincipalsCommand run under a different user. This can cau...
CVE-2021-4034
Polkit pkexec (setuid) contains a local privilege escalation flaw where pkexec fails to validate the calling parameter count and may treat crafted environment variables as commands, enabling unprivileged users to execute arbitrary code with root privileges. This has been reported across multiple ...
CVE-2021-42574
CVE-2021-42574 describes a trojan-source style vulnerability in the Unicode Bidirectional Algorithm up to Unicode 14.0, allowing visual reordering of code tokens via BiDi control characters. Connected advisories confirm public attention across GCC/binutils/toolchains, with mitigations including u...
CVE-2021-43527
CVE-2021-43527 describes a heap overflow in NSS when handling DER-encoded DSA or RSA-PSS signatures. The vulnerability affects NSS versions prior to 3.73 (and 3.68.1 ESR for some configurations) and can impact applications using NSS for signatures in CMS, S/MIME, PKCS#7, or PKCS#12, as well as th...
CVE-2020-14314
CVE-2020-14314 is a memory out-of-bounds read in the Linux kernel’s ext3/ext4 directory handling that can crash the system on a local user. Public advisories confirm the issue affects the kernel and is tied to ext3/ext4 filesystem access with broken indexing, contributing to availability impact. ...
CVE-2021-20271
Summary: CVE-2021-20271 affects the RPM package manager, with a flaw in the signature check when reading a package file that can lead to RPM database corruption and code execution. Impact: data integrity, confidentiality, and availability may be compromised. Exploitation: local attacker can explo...
CVE-2020-36385
CVE-2020-36385 is a use-after-free in the Linux kernel prior to 5.10, specifically in drivers/infiniband/core/ucma.c where the ctx is reachable via the ctx_list in certain ucma_migrate_id paths when ucma_close is called. This vulnerability affects the Linux kernel before 5.10; a fix is referenced...
CVE-2020-25704
CVE-2020-25704 describes a memory leak in the Linux kernel perf subsystem when using PERF_EVENT_IOC_SET_FILTER, enabling a local user to exhaust resources and cause a denial of service. The vulnerability is reiterated across multiple advisories (e.g., ALAS2KERNEL, ALAS-2020-1566, Debian/AlmaLinux...
CVE-2020-36322
The CVE-2020-36322 issue affects the Linux kernel FUSE filesystem implementation, where fuse_do_getattr() could call make_bad_inode() in inappropriate situations, potentially causing a system crash. The vulnerability is tied to the FUSE path and was partially addressed by a fix, with the incomple...
CVE-2020-0427
CVE-2020-0427 is confirmed in the connected documents as an Android kernel issue affecting the pinctrl subsystem (core.c). The vulnerability arises in create_pinctrl, where an out-of-bounds read can occur due to a use-after-free, potentially allowing local information disclosure without extra exe...
CVE-2021-37750
CVE-2021-37750 is a vulnerability in MIT Kerberos 5 (krb5) where the Key Distribution Center (KDC) can suffer a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. Affected releases include krb5 before 1.18.5 and 1.19.x before 1.19.3. The issue can cause ...
CVE-2021-42739
CVE-2021-42739 is a heap/buffer overflow in the Linux kernel’s FireWire FireDTV driver (firedtv-avc.c, firedtv-ci.c) caused by avc_ca_pmt failing to perform proper bounds checking. It affects the kernel’s FireWire path and can lead to memory corruption, crashes, or potentially privilege escalatio...
CVE-2020-24394
CVE-2020-24394 affects the Linux kernel before 5.7.8 in the NFS server (fs/nfsd/vfs.c). The root cause is that ACL-less filesystems do not apply the current umask when creating new objects, allowing an attacker with local access to set incorrect permissions. Public details in connected advisories...
CVE-2020-25643
CVE-2020-25643 affects the Linux kernel HDLC_PPP module via improper input validation in ppp_cp_parse_cr, causing memory corruption and a read overflow that can lead to system crash or DoS. Public advisories confirm this vulnerability and reference the same root cause, with mitigations proposed a...
CVE-2020-25656
CVE-2020-25656 is a Linux kernel use-after-free in the console subsystem related to ioctls KDGKBSENT and KDSKBSENT. A local attacker could read memory out of bounds, impacting data confidentiality. Several advisories (CloudLinux, Amazon Linux, CentOS/RHEL, Cloud Foundry/usn, etc.) reference this ...
CVE-2018-18584
CVE-2018-18584 affects libmspack and cabextract. In mspack/cab.h, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write (before 0.8alpha for libmspack and before 1.8 for cabextract). Remediation involves upgrading to fixed versions (e.g....
CVE-2018-18585
CVE-2018-18585 affects libmspack prior to 0.8alpha, where chmd_read_headers in mspack/chmd.c accepts a filename with a NULL byte as the first or second character (e.g., "/\0"). Multiple downstream advisories reference this CVE and link to libmspack updates; Amazon Linux 2 ALAS2-2019-1310 explicit...
CVE-2020-14409
CVE-2020-14409 affects SDL2 up to version 2.0.12. The vulnerability is an Integer Overflow in SDL_BlitCopy (video/SDL_blit_copy.c) triggered by processing a crafted BMP file, causing SDL_memcpy heap corruption and potential instability. Connected advisories (SUSE, Debian, Ubuntu) reference this C...
CVE-2018-3839
CVE-2018-3839 is an exploitable code execution in SDL2_image-2.0.2’s XCF image rendering. A specially crafted XCF image can cause an out-of-bounds write on the heap, enabling remote code execution when the image is processed. Multiple connected advisories confirm the issue and indicate fixes in S...
CVE-2018-16738
CVE-2018-16738 affects tinc 1.0.30–1.0.34, which have a broken authentication protocol with only partial mitigation; the issue is fixed in 1.1. The NVD notes a CVSS v3.1 base score of 3.7 (LOW) with network attack vector and high attack complexity, no privileges required, and no impact on confide...
CVE-2018-16737
CVE-2018-16737 affects the tinc VPN daemon, where versions prior to 1.0.30 implement a broken authentication protocol. The available connected documents confirm this specific root cause and reference affected software as tinc before 1.0.30. Documented impact is implied by the broken authenticatio...
CVE-2018-16758
CVE-2018-16758 affects the tinc VPN daemon up to version 1.0.34. The root cause is missing message authentication in the meta-protocol, enabling a man-in-the-middle to disable VPN packet encryption. Public sources (NVD, CNVD) describe a MITM-based impact that decrypts or disrupts traffic. Fedora ...
CVE-2018-3837
CVE-2018-3837 describes an information-disclosure flaw in the PCX image handling of SDL2_image-2.0.2. A specially crafted PCX image can trigger an out-of-bounds read on the heap, allowing partial disclosure when the image is processed. The vulnerability affects SDL2_image’s PCX rendering path and...