Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~293699 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-07 | CVE-2006-3635 | The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state. | Linux_kernel | 5.5 | ||
| 2016-05-02 | CVE-2008-7316 | mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. | Linux_kernel | 5.5 | ||
| 2017-04-24 | CVE-2007-6761 | drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. | Linux_kernel | 7.8 | ||
| 2017-10-29 | CVE-2006-5331 | The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction. | Linux_kernel | 5.5 | ||
| 2012-06-21 | CVE-2010-4250 | Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files. | Linux_kernel | N/A | ||
| 2012-06-21 | CVE-2011-1023 | The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation. | Linux_kernel | N/A | ||
| 2012-06-21 | CVE-2011-1021 | drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347. | Linux_kernel | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2021-11-29 | CVE-2021-44203 | Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | Cyber_protect | 5.4 | |
| 2021-11-24 | CVE-2021-34423 | A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms... | Android_meeting_sdk, Android_video_sdk, Controllers_for_zoom_rooms, Hybrid_mmr, Hybrid_zproxy, Iphone_os_meeting_sdk, Iphone_os_video_sdk, Macos_meeting_sdk, Macos_video_sdk, Meetings, Meetings_for_blackberry, Meetings_for_chrome_os, Meetings_for_intune, Rooms_for_conference_rooms, Vdi_azure_virtual_desktop, Vdi_citrix, Vdi_vmware, Vdi_windows_meeting_client, Virtual_desktop_infrastructure, Windows_meeting_sdk, Windows_video_sdk, Zoom_on\-Premise_meeting_connector_controller, Zoom_on\-Premise_meeting_connector_mmr, Zoom_on\-Premise_recording_connector, Zoom_on\-Premise_virtual_room_connector, Zoom_on\-Premise_virtual_room_connector_load_balancer | 9.8 | |
| 2021-11-24 | CVE-2021-34424 | A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android,... | Android_meeting_sdk, Android_video_sdk, Controllers_for_zoom_rooms, Hybrid_mmr, Hybrid_zproxy, Iphone_os_meeting_sdk, Iphone_os_video_sdk, Macos_meeting_sdk, Macos_video_sdk, Meetings, Meetings_for_blackberry, Meetings_for_chrome_os, Meetings_for_intune, Rooms_for_conference_rooms, Vdi_azure_virtual_desktop, Vdi_citrix, Vdi_vmware, Virtual_desktop_infrastructure, Windows_meeting_sdk, Windows_video_sdk, Zoom_on\-Premise_meeting_connector_controller, Zoom_on\-Premise_meeting_connector_mmr, Zoom_on\-Premise_recording_connector, Zoom_on\-Premise_virtual_room_connector, Zoom_on\-Premise_virtual_room_connector_load_balancer | 7.5 | |
| 2021-11-24 | CVE-2021-31822 | When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access. | Tentacle | 7.8 | |
| 2021-11-24 | CVE-2021-3553 | A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | Endpoint_security_tools, Gravityzone | 7.5 | |
| 2021-11-24 | CVE-2021-3554 | Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | Endpoint_security_tools, Gravityzone | 10.0 | |
| 2021-11-23 | CVE-2021-40830 | The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case)... | Amazon_web_services_aws\-C\-Io, Amazon_web_services_internet_of_things_device_software_development_kit_v2 | 8.8 |