# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-1055 |
416 |
|
+Priv |
2022-03-29 |
2022-06-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 |
2 |
CVE-2022-0492 |
287 |
|
Bypass |
2022-03-03 |
2022-06-03 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. |
3 |
CVE-2021-45417 |
787 |
|
Overflow |
2022-01-20 |
2022-01-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. |
4 |
CVE-2021-45079 |
287 |
|
|
2022-01-31 |
2022-06-14 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. |
5 |
CVE-2021-44731 |
362 |
|
Exec Code +Priv |
2022-02-17 |
2022-03-01 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 |
6 |
CVE-2021-44730 |
59 |
|
+Priv |
2022-02-17 |
2022-02-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 |
7 |
CVE-2021-44142 |
125 |
|
Exec Code |
2022-02-21 |
2022-02-23 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. |
8 |
CVE-2021-32555 |
59 |
|
|
2021-06-12 |
2021-06-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. |
9 |
CVE-2021-32554 |
59 |
|
|
2021-06-12 |
2021-06-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. |
10 |
CVE-2021-32553 |
59 |
|
|
2021-06-12 |
2021-06-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. |
11 |
CVE-2021-32552 |
59 |
|
|
2021-06-12 |
2021-06-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users. |
12 |
CVE-2021-32551 |
59 |
|
|
2021-06-12 |
2021-06-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users. |
13 |
CVE-2021-32550 |
59 |
|
|
2021-06-12 |
2021-06-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. |
14 |
CVE-2021-32549 |
59 |
|
|
2021-06-12 |
2021-06-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. |
15 |
CVE-2021-32548 |
59 |
|
|
2021-06-12 |
2021-06-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. |
16 |
CVE-2021-32547 |
59 |
|
|
2021-06-12 |
2021-06-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. |
17 |
CVE-2021-27364 |
125 |
|
|
2021-03-07 |
2021-12-08 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. |
18 |
CVE-2021-4120 |
20 |
|
|
2022-02-17 |
2022-03-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 |
19 |
CVE-2021-4034 |
787 |
|
Exec Code |
2022-01-28 |
2022-06-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. |
20 |
CVE-2021-3748 |
416 |
|
DoS Exec Code |
2022-03-23 |
2022-05-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. |
21 |
CVE-2021-3737 |
400 |
|
|
2022-03-04 |
2022-07-01 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. |
22 |
CVE-2021-3640 |
416 |
|
|
2022-03-03 |
2022-04-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. |
23 |
CVE-2021-3444 |
125 |
|
Exec Code |
2021-03-23 |
2021-12-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. |
24 |
CVE-2021-3155 |
276 |
|
|
2022-02-17 |
2022-02-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 |
25 |
CVE-2020-28040 |
352 |
|
CSRF |
2020-11-02 |
2022-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. |
26 |
CVE-2020-28039 |
|
|
|
2020-11-02 |
2022-06-29 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. |
27 |
CVE-2020-27349 |
862 |
|
|
2020-12-09 |
2020-12-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. |
28 |
CVE-2020-26137 |
74 |
|
|
2020-09-30 |
2021-12-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. |
29 |
CVE-2020-26116 |
116 |
|
|
2020-09-27 |
2021-12-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. |
30 |
CVE-2020-26088 |
276 |
|
Bypass |
2020-09-24 |
2022-04-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. |
31 |
CVE-2020-25722 |
863 |
|
|
2022-02-18 |
2022-02-25 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. |
32 |
CVE-2020-25717 |
20 |
|
|
2022-02-18 |
2022-02-25 |
8.5 |
None |
Remote |
Low |
??? |
Complete |
Complete |
None |
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. |
33 |
CVE-2020-25645 |
319 |
|
|
2020-10-13 |
2021-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. |
34 |
CVE-2020-25285 |
362 |
|
|
2020-09-13 |
2022-04-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. |
35 |
CVE-2020-25219 |
674 |
|
|
2020-09-09 |
2022-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. |
36 |
CVE-2020-25212 |
787 |
|
|
2020-09-09 |
2022-04-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. |
37 |
CVE-2020-24654 |
59 |
|
|
2020-09-02 |
2022-05-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. |
38 |
CVE-2020-24606 |
20 |
|
DoS |
2020-08-24 |
2021-07-21 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. |
39 |
CVE-2020-24394 |
732 |
|
|
2020-08-19 |
2021-06-14 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. |
40 |
CVE-2020-17538 |
787 |
|
DoS Overflow |
2020-08-13 |
2022-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
41 |
CVE-2020-16310 |
369 |
|
DoS |
2020-08-13 |
2022-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
42 |
CVE-2020-16309 |
787 |
|
DoS Overflow |
2020-08-13 |
2022-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. |
43 |
CVE-2020-16308 |
787 |
|
DoS Overflow |
2020-08-13 |
2022-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
44 |
CVE-2020-16307 |
476 |
|
DoS |
2020-08-13 |
2022-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. |
45 |
CVE-2020-16306 |
476 |
|
DoS |
2020-08-13 |
2022-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. |
46 |
CVE-2020-16305 |
787 |
|
DoS Overflow |
2020-08-13 |
2022-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
47 |
CVE-2020-16304 |
787 |
|
Overflow |
2020-08-13 |
2022-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. |
48 |
CVE-2020-16303 |
416 |
|
|
2020-08-13 |
2022-06-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. |
49 |
CVE-2020-16302 |
120 |
|
Overflow |
2020-08-13 |
2022-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. |
50 |
CVE-2020-16166 |
330 |
|
+Info |
2020-07-30 |
2022-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. |