In Ubuntu's accountsservice, an unprivileged local attacker can trigger a use-after-free vulnerability by sending a D-Bus message to the accounts-daemon process.
Max CVSS
8.1
Published
2023-09-01
Updated
2023-09-07
EPSS
0.04%
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
Max CVSS
8.8
Published
2022-09-02
Updated
2022-11-07
EPSS
0.07%
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
Max CVSS
8.8
Published
2022-09-02
Updated
2022-11-07
EPSS
0.07%
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location can cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.
Max CVSS
8.8
Published
2022-02-17
Updated
2022-02-28
EPSS
0.04%
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
Max CVSS
8.8
Published
2021-06-11
Updated
2021-06-22
EPSS
0.05%
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
Max CVSS
8.8
Published
2021-06-11
Updated
2021-06-22
EPSS
0.05%
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
Max CVSS
8.8
Published
2021-06-11
Updated
2022-08-01
EPSS
0.05%
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.
Max CVSS
8.2
Published
2022-02-17
Updated
2022-03-01
EPSS
0.07%
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.
Max CVSS
8.8
Published
2022-02-18
Updated
2023-01-19
EPSS
0.04%
The macOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with an incorrect owner.
Max CVSS
8.8
Published
2021-10-01
Updated
2022-10-25
EPSS
0.04%
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.
Max CVSS
8.8
Published
2021-10-01
Updated
2022-10-27
EPSS
0.04%

CVE-2021-3493

Public exploit exists
Known Exploited Vulnerability
The overlayfs implementation in the Linux kernel did not properly validate, with respect to user namespaces, the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Max CVSS
8.8
Published
2021-04-17
Updated
2023-07-07
EPSS
0.59%
KEV Added
2022-10-20
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user(). These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.
Max CVSS
8.8
Published
2021-04-17
Updated
2021-05-21
EPSS
0.05%
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).
Max CVSS
8.8
Published
2021-06-04
Updated
2021-09-14
EPSS
0.05%
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
Max CVSS
8.8
Published
2022-02-18
Updated
2023-09-17
EPSS
0.18%
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Max CVSS
8.5
Published
2022-02-18
Updated
2023-09-17
EPSS
0.10%
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF, resulting in a livelock.
Max CVSS
8.6
Published
2020-08-24
Updated
2021-07-21
EPSS
1.19%
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
Max CVSS
8.2
Published
2020-11-07
Updated
2022-10-21
EPSS
0.04%
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Max CVSS
8.3
Published
2020-07-15
Updated
2022-10-27
EPSS
0.14%
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Max CVSS
8.8
Published
2020-09-30
Updated
2022-10-29
EPSS
0.05%
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
Max CVSS
8.3
Published
2020-05-22
Updated
2023-10-24
EPSS
0.13%
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
Max CVSS
8.2
Published
2020-05-21
Updated
2022-04-26
EPSS
0.23%
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
Max CVSS
8.0
Published
2020-06-24
Updated
2022-11-08
EPSS
0.05%
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
Max CVSS
8.8
Published
2020-06-24
Updated
2023-06-12
EPSS
0.61%
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
Max CVSS
8.8
Published
2020-05-07
Updated
2022-04-26
EPSS
0.56%
344 vulnerabilities found