# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-20698 |
20 |
|
DoS |
2022-01-14 |
2022-01-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. |
2 |
CVE-2022-0492 |
287 |
|
Bypass |
2022-03-03 |
2022-06-03 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. |
3 |
CVE-2021-45417 |
787 |
|
Overflow |
2022-01-20 |
2022-01-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. |
4 |
CVE-2021-45079 |
476 |
|
|
2022-01-31 |
2022-07-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. |
5 |
CVE-2021-44142 |
125 |
|
Exec Code |
2022-02-21 |
2022-02-23 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. |
6 |
CVE-2021-27364 |
125 |
|
|
2021-03-07 |
2021-12-08 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. |
7 |
CVE-2021-4034 |
787 |
|
Exec Code |
2022-01-28 |
2022-06-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. |
8 |
CVE-2021-3737 |
400 |
|
|
2022-03-04 |
2022-07-25 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. |
9 |
CVE-2021-3640 |
416 |
|
|
2022-03-03 |
2022-04-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. |
10 |
CVE-2021-3444 |
125 |
|
Exec Code |
2021-03-23 |
2021-12-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. |
11 |
CVE-2020-27171 |
193 |
|
+Info |
2021-03-20 |
2022-07-30 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. |
12 |
CVE-2020-27170 |
203 |
|
+Info |
2021-03-20 |
2022-07-30 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. |
13 |
CVE-2020-26116 |
116 |
|
|
2020-09-27 |
2021-12-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. |
14 |
CVE-2020-26088 |
276 |
|
Bypass |
2020-09-24 |
2022-04-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. |
15 |
CVE-2020-25645 |
319 |
|
|
2020-10-13 |
2021-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. |
16 |
CVE-2020-25285 |
362 |
|
|
2020-09-13 |
2022-04-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. |
17 |
CVE-2020-25212 |
787 |
|
|
2020-09-09 |
2022-04-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. |
18 |
CVE-2020-16166 |
330 |
|
+Info |
2020-07-30 |
2022-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. |
19 |
CVE-2020-16120 |
|
|
|
2021-02-10 |
2021-11-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11. |
20 |
CVE-2020-15862 |
269 |
|
|
2020-08-20 |
2020-09-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. |
21 |
CVE-2020-15707 |
362 |
|
Exec Code Overflow Bypass |
2020-07-29 |
2021-09-13 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. |
22 |
CVE-2020-15706 |
362 |
|
Exec Code Bypass |
2020-07-29 |
2021-05-01 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. |
23 |
CVE-2020-15705 |
347 |
|
Bypass |
2020-07-29 |
2022-04-18 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. |
24 |
CVE-2020-15393 |
401 |
|
|
2020-06-29 |
2022-04-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. |
25 |
CVE-2020-14392 |
119 |
|
Overflow Mem. Corr. |
2020-09-16 |
2021-10-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. |
26 |
CVE-2020-14355 |
120 |
|
Exec Code Overflow |
2020-10-07 |
2020-12-04 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. |
27 |
CVE-2020-14345 |
119 |
|
Overflow |
2020-09-15 |
2021-01-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
28 |
CVE-2020-14311 |
190 |
|
Overflow |
2020-07-31 |
2021-10-19 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. |
29 |
CVE-2020-14310 |
190 |
|
Overflow |
2020-07-31 |
2021-10-19 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. |
30 |
CVE-2020-14303 |
834 |
|
|
2020-07-06 |
2022-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. |
31 |
CVE-2020-13254 |
295 |
|
|
2020-06-03 |
2021-01-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. |
32 |
CVE-2020-13114 |
770 |
|
|
2020-05-21 |
2022-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. |
33 |
CVE-2020-13113 |
908 |
|
|
2020-05-21 |
2022-04-26 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. |
34 |
CVE-2020-12771 |
667 |
|
|
2020-05-09 |
2022-04-26 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. |
35 |
CVE-2020-12769 |
662 |
|
|
2020-05-09 |
2022-05-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. |
36 |
CVE-2020-12656 |
401 |
|
|
2020-05-05 |
2022-04-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug. |
37 |
CVE-2020-12352 |
200 |
|
+Info |
2020-11-23 |
2021-07-21 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
38 |
CVE-2020-12243 |
674 |
|
DoS |
2020-04-28 |
2022-04-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). |
39 |
CVE-2020-12049 |
404 |
|
|
2020-06-08 |
2021-03-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. |
40 |
CVE-2020-11565 |
787 |
|
|
2020-04-06 |
2020-06-10 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”. |
41 |
CVE-2020-11494 |
908 |
|
|
2020-04-02 |
2022-04-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. |
42 |
CVE-2020-10942 |
787 |
|
|
2020-03-24 |
2022-04-22 |
5.4 |
None |
Local |
Medium |
Not required |
None |
Partial |
Complete |
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. |
43 |
CVE-2020-10732 |
908 |
|
|
2020-06-12 |
2021-12-21 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. |
44 |
CVE-2020-10711 |
476 |
|
DoS |
2020-05-22 |
2022-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. |
45 |
CVE-2020-10690 |
416 |
|
|
2020-05-08 |
2021-12-20 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. |
46 |
CVE-2020-10531 |
787 |
|
Overflow |
2020-03-12 |
2022-04-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. |
47 |
CVE-2020-10109 |
444 |
|
|
2020-03-12 |
2022-04-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. |
48 |
CVE-2020-10108 |
444 |
|
|
2020-03-12 |
2022-04-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. |
49 |
CVE-2020-8992 |
400 |
|
DoS |
2020-02-14 |
2022-04-27 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. |
50 |
CVE-2020-8648 |
416 |
|
|
2020-02-06 |
2022-07-28 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. |