|
2016-11-10
|
CVE-2016-5195
|
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
|
Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Cloud_backup, Hci_storage_nodes, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager_for_clustered_data_ontap, Ontap_select_deploy_administration_utility, Snapprotect, Solidfire, Pan\-Os, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_linux_long_life, Enterprise_linux_tus
|
7.0
|
|
|
|
2021-01-26
|
CVE-2021-3156
|
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
|
Privilege_management_for_mac, Privilege_management_for_unix\/linux, Debian_linux, Fedora, Web_gateway, Active_iq_unified_manager, Cloud_backup, Hci_management_node, Oncommand_unified_manager_core_package, Ontap_select_deploy_administration_utility, Ontap_tools, Solidfire, Communications_performance_intelligence_center, Micros_compact_workstation_3_firmware, Micros_es400_firmware, Micros_kitchen_display_system_firmware, Micros_workstation_5a_firmware, Micros_workstation_6_firmware, Tekelec_platform_distribution, Sudo, Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware
|
7.8
|
|
|
|
2021-03-25
|
CVE-2021-3449
|
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default...
|
Multi\-Domain_management_firmware, Quantum_security_gateway_firmware, Quantum_security_management_firmware, Debian_linux, Fedora, Freebsd, Web_gateway, Web_gateway_cloud_service, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, E\-Series_performance_analyzer, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Snapcenter, Storagegrid, Node\.js, Openssl, Communications_communications_policy_management, Enterprise_manager_for_storage_management, Essbase, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Primavera_unifier, Secure_backup, Secure_global_desktop, Zfs_storage_appliance_kit, Ruggedcom_rcm1224_firmware, Scalance_lpe9403_firmware, Scalance_m\-800_firmware, Scalance_s602_firmware, Scalance_s612_firmware, Scalance_s615_firmware, Scalance_s623_firmware, Scalance_s627\-2m_firmware, Scalance_sc\-600_firmware, Scalance_w1700_firmware, Scalance_w700_firmware, Scalance_xb\-200_firmware, Scalance_xc\-200_firmware, Scalance_xf\-200ba_firmware, Scalance_xm\-400_firmware, Scalance_xp\-200_firmware, Scalance_xr524\-8c_firmware, Scalance_xr526\-8c_firmware, Scalance_xr528\-6m_firmware, Scalance_xr552\-12_firmware, Scalance_xr\-300wg_firmware, Simatic_cloud_connect_7_firmware, Simatic_cp_1242\-7_gprs_v2_firmware, Simatic_hmi_basic_panels_2nd_generation_firmware, Simatic_hmi_comfort_outdoor_panels_firmware, Simatic_hmi_ktp_mobile_panels_firmware, Simatic_logon, Simatic_mv500_firmware, Simatic_net_cp1243\-7_lte_eu_firmware, Simatic_net_cp1243\-7_lte_us_firmware, Simatic_net_cp_1243\-1_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1542sp\-1_irc_firmware, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1543sp\-1_firmware, Simatic_net_cp_1545\-1_firmware, Simatic_pcs_7_telecontrol_firmware, Simatic_pcs_neo_firmware, Simatic_pdm_firmware, Simatic_process_historian_opc_ua_server_firmware, Simatic_rf166c_firmware, Simatic_rf185c_firmware, Simatic_rf186c_firmware, Simatic_rf186ci_firmware, Simatic_rf188c_firmware, Simatic_rf188ci_firmware, Simatic_rf360r_firmware, Simatic_s7\-1200_cpu_1211c_firmware, Simatic_s7\-1200_cpu_1212c_firmware, Simatic_s7\-1200_cpu_1212fc_firmware, Simatic_s7\-1200_cpu_1214_fc_firmware, Simatic_s7\-1200_cpu_1214c_firmware, Simatic_s7\-1200_cpu_1215_fc_firmware, Simatic_s7\-1200_cpu_1215c_firmware, Simatic_s7\-1200_cpu_1217c_firmware, Simatic_s7\-1500_cpu_1518\-4_pn\/dp_mfp_firmware, Simatic_wincc_runtime_advanced, Simatic_wincc_telecontrol, Sinamics_connect_300_firmware, Sinec_infrastructure_network_services, Sinec_nms, Sinec_pni, Sinema_server, Sinumerik_opc_ua_server, Tia_administrator, Tim_1531_irc_firmware, Capture_client, Sma100_firmware, Sonicos, Log_correlation_engine, Nessus, Nessus_network_monitor, Tenable\.sc
|
5.9
|
|
|
|
2021-06-02
|
CVE-2021-3520
|
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
|
Lz4, Active_iq_unified_manager, Cloud_backup, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_policy, Zfs_storage_appliance_kit, Universal_forwarder
|
9.8
|
|
|
|
2022-03-02
|
CVE-2021-3631
|
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
|
Ontap_select_deploy_administration_utility, Enterprise_linux, Libvirt, Openshift_container_platform
|
6.3
|
|
|
|
2022-03-02
|
CVE-2021-3667
|
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this...
|
Ontap_select_deploy_administration_utility, Enterprise_linux, Libvirt
|
6.5
|
|
|
|
2022-03-25
|
CVE-2021-4147
|
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
|
Fedora, Ontap_select_deploy_administration_utility, Libvirt
|
6.5
|
|
|
|
2022-03-25
|
CVE-2022-0897
|
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
|
Ontap_select_deploy_administration_utility, Libvirt
|
4.3
|
|
|
|
2022-08-23
|
CVE-2021-3975
|
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
|
Ubuntu_linux, Debian_linux, Fedora, Ontap_select_deploy_administration_utility, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Libvirt
|
6.5
|
|
|
|
2022-08-03
|
CVE-2022-35737
|
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
|
Ontap_select_deploy_administration_utility, Universal_forwarder, Sqlite
|
7.5
|
|
|