| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|--------|--------|---------------|-----------------------|--------------|-------------|-------|---------------------|--------|------------|----------------|-------|--------|--------|-------------|
| 1 | CVE-2022-29901 | 668 | | Exec Code Bypass | 2022-07-12 | 2023-02-23 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. |
| 2 | CVE-2021-42376 | 476 | | DoS | 2021-11-15 | 2022-03-31 | 1.9 | None | Local | Medium | Not required | None | None | Partial | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a `\x03` delimiter character. This may be used for DoS under very rare conditions of filtered command input. |
| 3 | CVE-2021-42375 | | | DoS | 2021-11-15 | 2022-03-31 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. |
| 4 | CVE-2021-28964 | 362 | | DoS | 2021-03-22 | 2022-06-30 | 1.9 | None | Local | Medium | Not required | None | None | Partial | A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. |
| 5 | CVE-2021-27645 | 415 | | DoS | 2021-02-24 | 2022-11-04 | 1.9 | None | Local | Medium | Not required | None | None | Partial | The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. |
| 6 | CVE-2021-26932 | | | | 2021-02-17 | 2022-07-28 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, so that successful ones cannot be properly unmapped upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. |
| 7 | CVE-2021-26931 | 770 | | | 2021-02-17 | 2022-06-04 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. |
| 8 | CVE-2021-25284 | 532 | | | 2021-02-27 | 2022-07-12 | 1.9 | None | Local | Medium | Not required | None | Partial | None | An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. |
| 9 | CVE-2021-23239 | 59 | | | 2021-01-12 | 2022-11-09 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. |
| 10 | CVE-2021-4095 | 476 | | DoS | 2022-03-10 | 2022-07-28 | 1.9 | None | Local | Medium | Not required | None | None | Partial | A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. |
| 11 | CVE-2021-3533 | 362 | | | 2021-06-09 | 2022-04-25 | 1.2 | None | Local | High | Not required | Partial | None | None | A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. |
| 12 | CVE-2021-2374 | | | | 2021-07-21 | 2021-09-23 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). |
| 13 | CVE-2020-27170 | 203 | | +Info | 2021-03-20 | 2022-07-30 | 1.9 | None | Local | Medium | Not required | Partial | None | None | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. |
| 14 | CVE-2020-25604 | 362 | | DoS | 2020-09-23 | 2022-09-30 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability. |
| 15 | CVE-2020-15095 | 532 | | | 2020-07-07 | 2022-08-02 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files. |
| 16 | CVE-2020-12402 | 203 | | | 2020-07-09 | 2022-01-04 | 1.2 | None | Local | High | Not required | Partial | None | None | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. |
| 17 | CVE-2020-10932 | 327 | | | 2020-04-15 | 2023-03-03 | 1.9 | None | Local | Medium | Not required | Partial | None | None | An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS. |
| 18 | CVE-2020-9497 | 200 | | +Info | 2020-07-02 | 2021-07-21 | 1.2 | None | Local | High | Not required | Partial | None | None | Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection. |
| 19 | CVE-2020-4788 | | | +Info | 2020-11-20 | 2023-02-03 | 1.9 | None | Local | Medium | Not required | Partial | None | None | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. |
| 20 | CVE-2020-1740 | 377 | | | 2020-03-16 | 2022-04-05 | 1.9 | None | Local | Medium | Not required | Partial | None | None | A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. |
| 21 | CVE-2019-20919 | 476 | | | 2020-09-17 | 2022-04-28 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. |
| 22 | CVE-2019-18660 | 200 | | +Info | 2019-11-27 | 2020-01-28 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. |
| 23 | CVE-2019-18222 | 203 | | | 2020-01-23 | 2023-03-03 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. |
| 24 | CVE-2018-19489 | 362 | | DoS | 2018-12-13 | 2020-05-12 | 1.9 | None | Local | Medium | Not required | None | None | Partial | v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. |
| 25 | CVE-2018-10846 | 385 | | | 2018-08-22 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None | A cache-based side channel in the GnuTLS implementation that leads to plain text recovery in a cross-VM attack setting was found. An attacker could use a "Just in Time" Prime+Probe attack in combination with the Lucky-13 attack to recover plain text using crafted packets. |
| 26 | CVE-2016-4980 | 330 | | | 2019-11-27 | 2023-02-12 | 1.9 | None | Local | Medium | Not required | None | Partial | None | A password generation weakness exists in xquest through 2016-06-13. |
| 27 | CVE-2016-3159 | 200 | | +Info | 2016-04-13 | 2019-02-21 | 1.7 | None | Local | Low | ??? | Partial | None | None | The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. |
| 28 | CVE-2016-3158 | 200 | | +Info | 2016-04-13 | 2016-12-03 | 1.7 | None | Local | Low | ??? | Partial | None | None | The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. |
| 29 | CVE-2015-4792 | | | | 2015-10-21 | 2022-09-15 | 1.7 | None | Remote | High | ??? | None | None | Partial | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. |
| 30 | CVE-2015-2152 | 264 | | | 2015-03-18 | 2018-10-30 | 1.9 | None | Local | Medium | Not required | None | Partial | None | Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. |
| 31 | CVE-2014-3956 | 200 | | +Info | 2014-06-04 | 2017-12-29 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. |
| 32 | CVE-2014-3537 | 59 | | | 2014-07-23 | 2023-02-13 | 1.2 | None | Local | High | Not required | Partial | None | None | The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. |
| 33 | CVE-2014-0019 | 119 | | DoS Overflow | 2014-02-04 | 2018-10-30 | 1.9 | None | Local | Medium | Not required | None | None | Partial | Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. |
| 34 | CVE-2012-1568 | | | Bypass | 2013-03-01 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | None | Partial | None | The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries. |