| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-32547 |
704 |
|
|
2022-06-16 |
2023-01-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. |
|
2 |
CVE-2022-32546 |
190 |
|
|
2022-06-16 |
2022-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. |
|
3 |
CVE-2022-32545 |
190 |
|
|
2022-06-16 |
2022-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. |
|
4 |
CVE-2022-28796 |
416 |
|
|
2022-04-08 |
2022-05-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. |
|
5 |
CVE-2022-27650 |
276 |
|
|
2022-04-04 |
2022-11-28 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. |
|
6 |
CVE-2022-27649 |
276 |
|
|
2022-04-04 |
2022-07-22 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. |
|
7 |
CVE-2022-1833 |
276 |
|
|
2022-06-21 |
2022-06-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack. |
|
8 |
CVE-2022-1789 |
476 |
|
|
2022-06-02 |
2022-06-15 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. |
|
9 |
CVE-2022-1587 |
125 |
|
|
2022-05-16 |
2023-03-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. |
|
10 |
CVE-2022-1586 |
125 |
|
|
2022-05-16 |
2023-03-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. |
|
11 |
CVE-2022-1304 |
125 |
|
Exec Code |
2022-04-14 |
2023-02-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. |
|
12 |
CVE-2022-1227 |
269 |
|
DoS |
2022-04-29 |
2022-07-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. |
|
13 |
CVE-2022-1048 |
362 |
|
|
2022-04-29 |
2022-12-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. |
|
14 |
CVE-2022-0759 |
295 |
|
|
2022-03-25 |
2022-04-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM). |
|
15 |
CVE-2022-0671 |
400 |
|
|
2022-02-18 |
2022-02-26 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. |
|
16 |
CVE-2022-0492 |
287 |
|
Bypass |
2022-03-03 |
2022-10-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. |
|
17 |
CVE-2021-45463 |
|
|
Exec Code |
2021-12-23 |
2022-02-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature. |
|
18 |
CVE-2021-45078 |
787 |
|
DoS Overflow |
2021-12-15 |
2022-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. |
|
19 |
CVE-2021-43860 |
276 |
|
|
2022-01-12 |
2022-02-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the "xa.metadata" key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the *actual* metadata, from the "metadata" file to ensure it wasn't lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from *before* the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata. |
|
20 |
CVE-2021-39251 |
476 |
|
|
2021-09-07 |
2023-01-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. |
|
21 |
CVE-2021-33285 |
787 |
|
DoS Overflow |
2021-09-07 |
2023-01-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild. |
|
22 |
CVE-2021-32027 |
119 |
|
Overflow |
2021-06-01 |
2023-01-31 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
|
23 |
CVE-2021-31916 |
787 |
|
+Priv +Info |
2021-05-06 |
2022-01-01 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. |
|
24 |
CVE-2021-30500 |
476 |
|
DoS Exec Code |
2021-05-27 |
2021-06-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file. |
|
25 |
CVE-2021-26252 |
787 |
|
DoS Exec Code Overflow |
2022-02-24 |
2022-12-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service. |
|
26 |
CVE-2021-20319 |
347 |
|
Bypass |
2022-03-04 |
2022-03-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. |
|
27 |
CVE-2021-20318 |
502 |
|
Exec Code |
2021-12-23 |
2022-01-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage. |
|
28 |
CVE-2021-20305 |
787 |
|
|
2021-04-05 |
2021-12-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. |
|
29 |
CVE-2021-20288 |
287 |
|
|
2021-04-15 |
2021-06-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
|
30 |
CVE-2021-20252 |
20 |
|
DoS |
2021-02-23 |
2021-02-27 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability. |
|
31 |
CVE-2021-20198 |
306 |
|
Exec Code |
2021-02-23 |
2021-02-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
|
32 |
CVE-2021-20195 |
116 |
|
XSS |
2021-05-28 |
2022-08-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
|
33 |
CVE-2021-20188 |
863 |
|
|
2021-02-11 |
2021-02-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
|
34 |
CVE-2021-20182 |
552 |
|
+Priv |
2021-02-23 |
2021-05-21 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
|
35 |
CVE-2021-4133 |
863 |
|
|
2022-01-25 |
2022-09-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. |
|
36 |
CVE-2021-4104 |
502 |
|
Exec Code |
2021-12-14 |
2022-10-05 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. |
|
37 |
CVE-2021-4048 |
125 |
|
|
2021-12-08 |
2022-01-04 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. |
|
38 |
CVE-2021-4024 |
200 |
|
+Info |
2021-12-23 |
2022-03-01 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM. |
|
39 |
CVE-2021-3948 |
276 |
|
|
2022-02-18 |
2022-12-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster. |
|
40 |
CVE-2021-3802 |
20 |
|
|
2021-11-29 |
2021-12-01 |
6.3 |
None |
Remote |
Medium |
??? |
None |
None |
Complete |
|
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. |
|
41 |
CVE-2021-3748 |
416 |
|
DoS Exec Code |
2022-03-23 |
2023-01-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. |
|
42 |
CVE-2021-3696 |
787 |
|
Exec Code |
2022-07-06 |
2022-10-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. |
|
43 |
CVE-2021-3682 |
763 |
|
Exec Code |
2021-08-05 |
2022-10-25 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. |
|
44 |
CVE-2021-3672 |
79 |
|
XSS |
2021-11-23 |
2022-10-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. |
|
45 |
CVE-2021-3653 |
862 |
|
|
2021-09-29 |
2022-03-31 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. |
|
46 |
CVE-2021-3609 |
362 |
|
|
2022-03-03 |
2023-02-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. |
|
47 |
CVE-2021-3589 |
306 |
|
|
2022-03-23 |
2023-02-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
|
48 |
CVE-2021-3575 |
787 |
|
Exec Code Overflow |
2022-03-04 |
2023-02-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. |
|
49 |
CVE-2021-3573 |
362 |
|
|
2021-08-13 |
2021-08-24 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. |
|
50 |
CVE-2021-3529 |
79 |
|
XSS |
2021-06-02 |
2021-06-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. |
