Total
221 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43975 | 4 Debian, Fedoraproject, Linux and 1 more | 18 Debian Linux, Fedora, Linux Kernel and 15 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. | |||||
| CVE-2021-43618 | 3 Debian, Gmplib, Netapp | 13 Debian Linux, Gmp, Active Iq Unified Manager and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. | |||||
| CVE-2021-43057 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task. | |||||
| CVE-2021-42327 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. | |||||
| CVE-2021-42252 | 2 Linux, Netapp | 19 Linux Kernel, H300e, H300e Firmware and 16 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. | |||||
| CVE-2021-42008 | 3 Debian, Linux, Netapp | 20 Debian Linux, Linux Kernel, H300e and 17 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | |||||
| CVE-2021-41864 | 4 Debian, Fedoraproject, Linux and 1 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | |||||
| CVE-2021-41184 | 6 Drupal, Fedoraproject, Jqueryui and 3 more | 35 Drupal, Fedora, Jquery Ui and 32 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | |||||
| CVE-2021-41183 | 7 Debian, Drupal, Fedoraproject and 4 more | 36 Debian Linux, Drupal, Fedora and 33 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. | |||||
| CVE-2021-41182 | 7 Debian, Drupal, Fedoraproject and 4 more | 37 Debian Linux, Drupal, Fedora and 34 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. | |||||
| CVE-2021-41073 | 4 Debian, Fedoraproject, Linux and 1 more | 21 Debian Linux, Fedora, Linux Kernel and 18 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. | |||||
| CVE-2021-40490 | 4 Debian, Fedoraproject, Linux and 1 more | 29 Debian Linux, Fedora, Linux Kernel and 26 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. | |||||
| CVE-2021-3999 | 3 Debian, Gnu, Netapp | 15 Debian Linux, Glibc, E-series Performance Analyzer and 12 more | 2024-11-21 | N/A | 7.8 HIGH |
| A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | |||||
| CVE-2021-3998 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. | |||||
| CVE-2021-3772 | 5 Debian, Linux, Netapp and 2 more | 26 Debian Linux, Linux Kernel, E-series Santricity Os Controller and 23 more | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | |||||
| CVE-2021-3760 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. | |||||
| CVE-2021-3753 | 3 Linux, Netapp, Redhat | 18 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 15 more | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-3752 | 6 Debian, Fedoraproject, Linux and 3 more | 27 Debian Linux, Fedora, Linux Kernel and 24 more | 2024-11-21 | 7.9 HIGH | 7.1 HIGH |
| A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-3743 | 4 Fedoraproject, Linux, Netapp and 1 more | 21 Fedora, Linux Kernel, H300e and 18 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3739 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. | |||||