# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2021-44832 | 20 | | Exec Code | 2021-12-28 | 2022-08-09 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. |
2 | CVE-2021-42097 | 352 | | +Priv CSRF | 2021-10-21 | 2021-11-05 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). |
3 | CVE-2021-28660 | 787 | | | 2021-03-17 | 2023-01-19 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. |
4 | CVE-2021-20190 | 502 | | | 2021-01-19 | 2022-06-03 | 8.3 | None | Remote | Medium | Not required | Partial | Partial | Complete |
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
5 | CVE-2021-3570 | 787 | | Exec Code +Info | 2021-07-09 | 2022-10-07 | 8.0 | None | Remote | Low | ??? | Partial | Partial | Complete |
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. |
6 | CVE-2020-27844 | 20 | | | 2021-01-05 | 2022-10-07 | 8.3 | None | Remote | Medium | Not required | Partial | Partial | Complete |
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
7 | CVE-2020-25717 | 20 | | | 2022-02-18 | 2022-02-25 | 8.5 | None | Remote | Low | ??? | Complete | Complete | None |
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. |
8 | CVE-2020-25682 | 122 | | Exec Code Overflow | 2021-01-20 | 2021-03-26 | 8.3 | None | Remote | Medium | Not required | Partial | Partial | Complete |
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extracts names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed to by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible that extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
9 | CVE-2020-25681 | 122 | | Overflow | 2021-01-20 | 2021-03-26 | 8.3 | None | Remote | Medium | Not required | Partial | Partial | Complete |
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
10 | CVE-2020-5291 | 269 | | +Priv | 2020-03-31 | 2020-04-02 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
In Bubblewrap (bwrap) before version 0.4.1, if bwrap is installed in setuid mode and the kernel supports unprivileged user namespaces, the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are:
* Debian testing/unstable, if unprivileged user namespaces are enabled (not default)
* Debian buster-backports, if unprivileged user namespaces are enabled (not default)
* Arch if using `linux-hardened`, if unprivileged user namespaces are enabled (not default)
* CentOS 7 flatpak COPR, if unprivileged user namespaces are enabled (not default)

This has been fixed in the 0.4.1 release, and all affected users should update. |
11 | CVE-2019-18422 | 732 | | DoS +Priv | 2019-10-31 | 2023-02-03 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However, a precise attack technique has not been identified. |
12 | CVE-2019-17666 | 120 | | Overflow | 2019-10-17 | 2023-01-19 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. |
13 | CVE-2019-3846 | 787 | | DoS Exec Code Overflow | 2019-06-03 | 2023-02-02 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in the mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c allows remote attackers to cause a denial of service (system crash) or execute arbitrary code. |
14 | CVE-2018-19518 | 88 | | Exec Code | 2018-11-25 | 2022-04-18 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. |
15 | CVE-2018-14654 | 22 | | Dir. Trav. | 2018-10-31 | 2023-02-02 | 8.5 | None | Remote | Low | ??? | None | Complete | Complete |
A flaw was found in the way glusterfs server handles client requests. A remote, authenticated attacker could set arbitrary values for the GF_XATTROP_ENTRY_IN_KEY and GF_XATTROP_ENTRY_OUT_KEY during xattrop file operation resulting in creation and deletion of arbitrary files on glusterfs server node. |
16 | CVE-2018-14633 | 787 | | Overflow | 2018-09-25 | 2023-02-02 | 8.3 | None | Remote | Medium | Not required | Partial | Partial | Complete |
A flaw was found in the iSCSI target code in the Linux kernel. The flaw allows an unauthenticated, remote attacker to cause a stack buffer overflow of 17 bytes of the stack. Depending on how the kernel was compiled (e.g. compiler, compile flags, and hardware architecture), the attack may lead to a system crash or access to data exported by an iSCSI target. Privilege escalation cannot be ruled out. The highest threat from this vulnerability is to system availability. |
17 | CVE-2018-11319 | 22 | | Exec Code Dir. Trav. | 2018-05-20 | 2019-10-03 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed. |
18 | CVE-2017-9078 | 415 | | Exec Code | 2017-05-19 | 2022-07-11 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. |
19 | CVE-2016-3168 | 254 | | | 2016-04-12 | 2016-04-14 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability." |
20 | CVE-2015-5343 | 119 | | DoS Exec Code Overflow | 2016-04-14 | 2019-02-12 | 8.0 | None | Remote | Low | ??? | Partial | Partial | Complete |
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. |
21 | CVE-2015-1803 | | | DoS Exec Code | 2015-03-20 | 2016-12-31 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. |
22 | CVE-2010-3705 | 400 | | Mem. Corr. | 2010-11-26 | 2023-02-02 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
CVE-2010-3705 kernel: sctp memory corruption in HMAC handling |
23 | CVE-2007-6415 | 94 | | Exec Code Bypass | 2008-01-25 | 2008-09-05 | 8.5 | None | Remote | Low | ??? | Complete | Complete | None |
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options. |
24 | CVE-2007-2443 | | | Exec Code | 2007-06-26 | 2021-02-02 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete |
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. |