Total
253940 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28704 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-04 | 6.9 MEDIUM | 8.8 HIGH |
PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). | |||||
CVE-2021-28703 | 1 Xen | 1 Xen | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
grant table v2 status pages may remain accessible after de-allocation (take two) Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switches (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them becoming mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. This bug was fortuitously fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches as a prerequisite of the fix for XSA-378. | |||||
CVE-2023-28487 | 1 Sudo Project | 1 Sudo | 2024-02-03 | N/A | 5.3 MEDIUM |
Sudo before 1.9.13 does not escape control characters in sudoreplay output. | |||||
CVE-2023-28486 | 1 Sudo Project | 1 Sudo | 2024-02-03 | N/A | 5.3 MEDIUM |
Sudo before 1.9.13 does not escape control characters in log messages. | |||||
CVE-2023-38174 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 4.3 MEDIUM |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-36880 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 4.8 MEDIUM |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-36727 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 6.1 MEDIUM |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2023-36559 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 4.2 MEDIUM |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2023-36409 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 6.5 MEDIUM |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-36029 | 1 Microsoft | 1 Edge | 2024-02-03 | N/A | 4.3 MEDIUM |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2023-36022 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 6.6 MEDIUM |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
CVE-2023-33145 | | | 2024-02-03 | N/A | 6.5 MEDIUM |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-33143 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 7.5 HIGH |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2023-29345 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 6.1 MEDIUM |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
CVE-2021-38593 | 2 Fedoraproject, Qt | 2 Fedora, Qt | 2024-02-03 | 5.0 MEDIUM | 7.5 HIGH |
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). | |||||
CVE-2020-28049 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-02-03 | 3.3 LOW | 6.3 MEDIUM |
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | |||||
CVE-2020-27619 | 3 Fedoraproject, Oracle, Python | 3 Fedora, Communications Cloud Native Core Network Function Cloud Native Environment, Python | 2024-02-03 | 7.5 HIGH | 9.8 CRITICAL |
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | |||||
CVE-2021-41645 | 1 Budget And Expense Tracker System Project | 1 Budget And Expense Tracker System | 2024-02-03 | 6.5 MEDIUM | 8.8 HIGH |
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. | |||||
CVE-2021-40247 | 1 Budget And Expense Tracker System Project | 1 Budget And Expense Tracker System | 2024-02-03 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. | |||||
CVE-2021-33631 | 1 Huawei | 1 Openeuler | 2024-02-03 | N/A | 7.8 HIGH |
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. |