CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Canonical : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-40617 400 DoS 2022-10-31 2023-01-27
0.0
None ??? ??? ??? ??? ??? ???
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
2 CVE-2022-39177 DoS 2022-09-02 2022-11-07
0.0
None ??? ??? ??? ??? ??? ???
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
3 CVE-2022-39176 +Info 2022-09-02 2022-11-07
0.0
None ??? ??? ??? ??? ??? ???
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
4 CVE-2022-34918 843 Overflow 2022-07-04 2022-10-26
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
5 CVE-2022-29581 416 2022-05-17 2022-10-19
7.2
None Local Low Not required Complete Complete Complete
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
6 CVE-2022-20698 20 DoS 2022-01-14 2022-01-21
5.0
None Remote Low Not required None None Partial
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
7 CVE-2022-1055 416 +Priv 2022-03-29 2022-10-19
4.6
None Local Low Not required Partial Partial Partial
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
8 CVE-2022-0492 287 Bypass 2022-03-03 2022-10-19
6.9
None Local Medium Not required Complete Complete Complete
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
9 CVE-2021-45417 787 Overflow 2022-01-20 2022-01-26
7.2
None Local Low Not required Complete Complete Complete
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
10 CVE-2021-45079 476 2022-01-31 2022-07-12
5.8
None Remote Medium Not required Partial None Partial
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
11 CVE-2021-44731 362 Exec Code +Priv 2022-02-17 2023-02-03
6.9
None Local Medium Not required Complete Complete Complete
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
12 CVE-2021-44730 59 +Priv 2022-02-17 2022-02-28
6.9
None Local Medium Not required Complete Complete Complete
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
13 CVE-2021-44420 Bypass 2021-12-08 2022-07-12
7.5
None Remote Low Not required Partial Partial Partial
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
14 CVE-2021-44142 125 Exec Code 2022-02-21 2022-02-23
9.0
None Remote Low ??? Complete Complete Complete
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
15 CVE-2021-32557 59 2021-06-12 2021-06-23
3.6
None Local Low Not required None Partial Partial
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
16 CVE-2021-32556 78 2021-06-12 2021-06-23
2.1
None Local Low Not required None Partial None
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
17 CVE-2021-32555 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.
18 CVE-2021-32554 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.
19 CVE-2021-32553 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.
20 CVE-2021-32552 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
21 CVE-2021-32551 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.
22 CVE-2021-32550 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
23 CVE-2021-32549 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.
24 CVE-2021-32548 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
25 CVE-2021-32547 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
26 CVE-2021-27364 125 2021-03-07 2021-12-08
3.6
None Local Low Not required Partial None Partial
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
27 CVE-2021-25684 20 2021-06-11 2021-06-22
4.6
None Local Low Not required Partial Partial Partial
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
28 CVE-2021-25683 20 2021-06-11 2021-06-22
7.2
None Local Low Not required Complete Complete Complete
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
29 CVE-2021-25682 74 2021-06-11 2022-08-01
7.2
None Local Low Not required Complete Complete Complete
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
30 CVE-2021-4120 20 2022-02-17 2022-03-01
4.6
None Local Low Not required Partial Partial Partial
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
31 CVE-2021-4115 2022-02-21 2022-08-09
2.1
None Local Low Not required None None Partial
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
32 CVE-2021-4093 125 2022-02-18 2023-01-19
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.
33 CVE-2021-4034 787 2022-01-28 2023-02-02
7.2
None Local Low Not required Complete Complete Complete
CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
34 CVE-2021-3975 416 DoS 2022-08-23 2023-02-03
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
35 CVE-2021-3939 763 2021-11-17 2021-11-19
7.2
None Local Low Not required Complete Complete Complete
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.
36 CVE-2021-3905 401 2022-08-23 2022-08-27
0.0
None ??? ??? ??? ??? ??? ???
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
37 CVE-2021-3748 416 DoS Exec Code 2022-03-23 2023-01-03
6.9
None Local Medium Not required Complete Complete Complete
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
38 CVE-2021-3737 400 2022-03-04 2023-02-02
7.1
None Remote Medium Not required None None Complete
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
39 CVE-2021-3640 416 2022-03-03 2023-02-02
6.9
None Local Medium Not required Complete Complete Complete
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
40 CVE-2021-3560 754 Bypass 2022-02-16 2022-07-11
7.2
None Local Low Not required Complete Complete Complete
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
41 CVE-2021-3493 269 +Priv 2021-04-17 2022-10-27
7.2
None Local Low Not required Complete Complete Complete
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
42 CVE-2021-3492 415 DoS +Priv 2021-04-17 2021-05-21
7.2
None Local Low Not required Complete Complete Complete
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.
43 CVE-2021-3491 787 Exec Code Overflow Bypass 2021-06-04 2021-09-14
7.2
None Local Low Not required Complete Complete Complete
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).
44 CVE-2021-3490 125 Exec Code 2021-06-04 2021-09-14
7.2
None Local Low Not required Complete Complete Complete
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).
45 CVE-2021-3489 787 Exec Code 2021-06-04 2021-09-14
7.2
None Local Low Not required Complete Complete Complete
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).
46 CVE-2021-3444 125 Exec Code 2021-03-23 2021-12-02
4.6
None Local Low Not required Partial Partial Partial
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
47 CVE-2021-3155 276 2022-02-17 2022-02-25
2.1
None Local Low Not required Partial None None
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
48 CVE-2020-29385 835 DoS Exec Code 2020-12-26 2021-03-22
4.3
None Remote Medium Not required None None Partial
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
49 CVE-2020-29372 362 2020-11-28 2022-10-06
4.7
None Local Medium Not required None None Complete
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.
50 CVE-2020-28040 352 CSRF 2020-11-02 2022-06-29
4.3
None Remote Medium Not required None Partial None
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
Total number of vulnerabilities : 3882   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.