# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2021-42550 |
502 |
|
Exec Code |
2021-12-16 |
2022-12-12 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. |
2 |
CVE-2021-3570 |
787 |
|
Exec Code +Info |
2021-07-09 |
2022-10-07 |
8.0 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Complete |
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. |
3 |
CVE-2020-25717 |
20 |
|
|
2022-02-18 |
2022-02-25 |
8.5 |
None |
Remote |
Low |
??? |
Complete |
Complete |
None |
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. |
4 |
CVE-2020-25661 |
843 |
|
DoS |
2020-11-05 |
2020-11-19 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
5 |
CVE-2020-14352 |
22 |
|
Dir. Trav. |
2020-08-30 |
2020-11-09 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. |
6 |
CVE-2019-3846 |
787 |
|
|
2019-06-03 |
2023-01-19 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. |
7 |
CVE-2018-14654 |
22 |
|
Dir. Trav. |
2018-10-31 |
2021-11-30 |
8.5 |
None |
Remote |
Low |
??? |
None |
Complete |
Complete |
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. |
8 |
CVE-2018-14633 |
787 |
|
Overflow |
2018-09-25 |
2020-08-28 |
8.3 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Complete |
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. |
9 |
CVE-2017-7466 |
20 |
|
Exec Code |
2018-06-22 |
2021-08-04 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. |
10 |
CVE-2016-1661 |
20 |
|
DoS Mem. Corr. |
2016-05-14 |
2018-10-30 |
8.3 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Complete |
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp. |
11 |
CVE-2015-5222 |
264 |
|
Exec Code |
2015-08-24 |
2015-08-25 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors. |
12 |
CVE-2013-4401 |
264 |
|
+Priv |
2013-11-02 |
2015-01-02 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. |
13 |
CVE-2013-4172 |
94 |
|
Exec Code |
2013-08-23 |
2013-08-27 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors. |
14 |
CVE-2011-3191 |
119 |
|
DoS Overflow Mem. Corr. |
2012-05-24 |
2022-11-03 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory. |
15 |
CVE-2007-6181 |
119 |
|
Exec Code Overflow |
2007-11-30 |
2018-10-26 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19. |
16 |
CVE-2007-1351 |
189 |
|
Exec Code Overflow |
2007-04-06 |
2018-10-16 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. |