| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-27364 |
125 |
|
|
2021-03-07 |
2021-12-08 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. |
|
2 |
CVE-2020-27171 |
193 |
|
+Info |
2021-03-20 |
2022-07-30 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. |
|
3 |
CVE-2020-24394 |
732 |
|
|
2020-08-19 |
2022-10-25 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. |
|
4 |
CVE-2020-15810 |
444 |
|
Bypass |
2020-09-02 |
2021-03-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream. |
|
5 |
CVE-2020-15103 |
190 |
|
Overflow |
2020-07-27 |
2021-11-18 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto |
|
6 |
CVE-2020-14550 |
|
|
|
2020-07-15 |
2022-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). |
|
7 |
CVE-2020-14377 |
125 |
|
|
2020-09-30 |
2021-01-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability. |
|
8 |
CVE-2020-14367 |
59 |
|
DoS |
2020-08-24 |
2022-12-06 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. |
|
9 |
CVE-2020-14311 |
190 |
|
Overflow |
2020-07-31 |
2021-10-19 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. |
|
10 |
CVE-2020-14310 |
190 |
|
Overflow |
2020-07-31 |
2021-10-19 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. |
|
11 |
CVE-2020-13696 |
863 |
|
|
2020-06-08 |
2022-04-28 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. |
|
12 |
CVE-2020-13361 |
787 |
|
|
2020-05-28 |
2022-11-29 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. |
|
13 |
CVE-2020-12864 |
125 |
|
|
2020-06-24 |
2022-04-28 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. |
|
14 |
CVE-2020-12863 |
125 |
|
|
2020-06-24 |
2022-11-08 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. |
|
15 |
CVE-2020-12862 |
125 |
|
|
2020-06-24 |
2022-11-08 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. |
|
16 |
CVE-2020-11736 |
22 |
|
Dir. Trav. |
2020-04-13 |
2022-04-27 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. |
|
17 |
CVE-2020-11565 |
787 |
|
|
2020-04-06 |
2020-06-10 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”. |
|
18 |
CVE-2020-11526 |
125 |
|
|
2020-05-15 |
2022-04-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. |
|
19 |
CVE-2020-11525 |
125 |
|
|
2020-05-15 |
2022-07-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. |
|
20 |
CVE-2020-11058 |
119 |
|
Overflow |
2020-05-12 |
2021-10-07 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. |
|
21 |
CVE-2020-11049 |
125 |
|
|
2020-05-07 |
2022-07-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. |
|
22 |
CVE-2020-11048 |
125 |
|
|
2020-05-07 |
2022-07-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. |
|
23 |
CVE-2020-11046 |
119 |
|
Overflow |
2020-05-07 |
2021-09-14 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. |
|
24 |
CVE-2020-11044 |
415 |
|
|
2020-05-07 |
2022-07-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. |
|
25 |
CVE-2020-10732 |
908 |
|
|
2020-06-12 |
2023-02-12 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. |
|
26 |
CVE-2020-9383 |
125 |
|
|
2020-02-25 |
2022-10-29 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. |
|
27 |
CVE-2020-8648 |
416 |
|
|
2020-02-06 |
2022-07-28 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. |
|
28 |
CVE-2020-3350 |
362 |
|
|
2020-06-18 |
2023-03-03 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. |
|
29 |
CVE-2020-2930 |
|
|
|
2020-04-15 |
2021-12-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
|
30 |
CVE-2020-2694 |
|
|
|
2020-01-15 |
2021-12-30 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). |
|
31 |
CVE-2020-2584 |
|
|
|
2020-01-15 |
2021-12-30 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). |
|
32 |
CVE-2020-1945 |
668 |
|
+Info |
2020-05-14 |
2022-04-04 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. |
|
33 |
CVE-2020-1752 |
416 |
|
Exec Code |
2020-04-30 |
2022-10-28 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. |
|
34 |
CVE-2019-19783 |
269 |
|
|
2019-12-16 |
2022-05-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. |
|
35 |
CVE-2019-16275 |
346 |
|
DoS |
2019-09-12 |
2020-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. |
|
36 |
CVE-2019-15587 |
79 |
|
XSS |
2019-10-22 |
2023-01-20 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. |
|
37 |
CVE-2019-15031 |
200 |
|
+Info |
2019-09-13 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. |
|
38 |
CVE-2019-15030 |
862 |
|
|
2019-09-13 |
2020-08-24 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. |
|
39 |
CVE-2019-14861 |
276 |
|
|
2019-12-10 |
2023-01-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. |
|
40 |
CVE-2019-14822 |
862 |
|
|
2019-11-25 |
2022-06-07 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. |
|
41 |
CVE-2019-13057 |
|
|
|
2019-07-26 |
2022-06-13 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) |
|
42 |
CVE-2019-12749 |
59 |
|
Bypass |
2019-06-11 |
2020-08-24 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. |
|
43 |
CVE-2019-12449 |
755 |
|
|
2019-05-29 |
2020-08-24 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. |
|
44 |
CVE-2019-10131 |
193 |
|
|
2019-04-30 |
2021-10-28 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. |
|
45 |
CVE-2019-8906 |
125 |
|
|
2019-02-18 |
2021-12-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
|
46 |
CVE-2019-8905 |
125 |
|
|
2019-02-18 |
2021-12-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. |
|
47 |
CVE-2019-5108 |
287 |
|
|
2019-12-23 |
2022-06-17 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. |
|
48 |
CVE-2019-5068 |
732 |
|
|
2019-11-05 |
2022-06-21 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. |
|
49 |
CVE-2019-3874 |
400 |
|
DoS |
2019-03-25 |
2023-02-12 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. |
|
50 |
CVE-2019-3460 |
20 |
|
|
2019-04-11 |
2022-04-22 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. |
