Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.
Max CVSS
9.3
EPSS Score
0.09%
Published
2023-06-06
Updated
2023-06-15
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
Max CVSS
8.1
EPSS Score
0.04%
Published
2023-09-01
Updated
2023-09-07
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
Max CVSS
10.0
EPSS Score
0.06%
Published
2023-09-01
Updated
2023-09-08
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
Max CVSS
8.8
EPSS Score
0.07%
Published
2022-09-02
Updated
2022-11-07
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
Max CVSS
8.8
EPSS Score
0.07%
Published
2022-09-02
Updated
2022-11-07
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
Max CVSS
9.1
EPSS Score
0.17%
Published
2022-01-31
Updated
2022-07-12
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Max CVSS
8.8
EPSS Score
0.04%
Published
2022-02-17
Updated
2022-02-28
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
Max CVSS
9.0
EPSS Score
13.60%
Published
2022-02-21
Updated
2023-09-17
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
Max CVSS
8.8
EPSS Score
0.05%
Published
2021-06-11
Updated
2021-06-22
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
Max CVSS
8.8
EPSS Score
0.05%
Published
2021-06-11
Updated
2021-06-22
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
Max CVSS
8.8
EPSS Score
0.05%
Published
2021-06-11
Updated
2022-08-01
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Max CVSS
8.2
EPSS Score
0.07%
Published
2022-02-17
Updated
2022-03-01
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.
Max CVSS
8.8
EPSS Score
0.04%
Published
2022-02-18
Updated
2023-01-19
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.
Max CVSS
8.8
EPSS Score
0.04%
Published
2021-10-01
Updated
2022-10-25
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.
Max CVSS
8.8
EPSS Score
0.04%
Published
2021-10-01
Updated
2022-10-27

CVE-2021-3493

Known exploited
Public exploit
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Max CVSS
8.8
EPSS Score
0.59%
Published
2021-04-17
Updated
2023-07-07
CISA KEV Added
2022-10-20
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.
Max CVSS
8.8
EPSS Score
0.05%
Published
2021-04-17
Updated
2021-05-21
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).
Max CVSS
8.8
EPSS Score
0.05%
Published
2021-06-04
Updated
2021-09-14
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
Max CVSS
9.1
EPSS Score
0.33%
Published
2020-11-02
Updated
2022-06-29
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
Max CVSS
8.8
EPSS Score
0.18%
Published
2022-02-18
Updated
2023-09-17
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
Max CVSS
9.0
EPSS Score
0.12%
Published
2022-02-18
Updated
2023-09-17
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Max CVSS
8.5
EPSS Score
0.10%
Published
2022-02-18
Updated
2023-09-17
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Max CVSS
10.0
EPSS Score
65.95%
Published
2020-09-09
Updated
2022-12-06
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
Max CVSS
8.6
EPSS Score
1.19%
Published
2020-08-24
Updated
2021-07-21
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Max CVSS
9.8
EPSS Score
2.95%
Published
2020-09-09
Updated
2022-12-06
937 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!