#Vulnerabilities 23
Date Id Summary Products Score Patch Annotated
2021-11-01 CVE-2021-42574 An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode... Fedora, Starwind_virtual_san, Unicode 8.3
2021-10-20 CVE-2021-42739 The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. Debian_linux, Fedora, Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy, Starwind_san_\&_nas, Starwind_virtual_san 6.7
2021-09-26 CVE-2021-41617 sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Fedora, Active_iq_unified_manager, Aff_500f_firmware, Aff_a250_firmware, Clustered_data_ontap, Hci_management_node, Ontap_select_deploy_administration_utility, Solidfire, Openssh, Http_server, Zfs_storage_appliance_kit, Starwind_virtual_san 7.0
2018-10-10 CVE-2018-16737 tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. Starwind_virtual_san, Tinc 5.3
2018-10-10 CVE-2018-16738 tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1. Debian_linux, Starwind_virtual_san, Tinc 3.7
2018-10-10 CVE-2018-16758 Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. Debian_linux, Starwind_virtual_san, Tinc 5.9
2020-09-15 CVE-2020-14314 A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Ubuntu_linux, Debian_linux, Linux_kernel, Starwind_virtual_san 5.5
2021-01-19 CVE-2020-14409 SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. Debian_linux, Fedora, Simple_directmedia_layer, Starwind_virtual_san 7.8
2021-08-23 CVE-2021-37750 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. Debian_linux, Fedora, Kerberos_5, Communications_cloud_native_core_network_slice_selection_function, Starwind_virtual_san 6.5
2022-01-28 CVE-2021-4034 A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code.... Ubuntu_linux, Http_server, Zfs_storage_appliance_kit, Polkit, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Scalance_lpe9403_firmware, Sinumerik_edge, Command_center, Starwind_hyperconverged_appliance, Starwind_virtual_san, Enterprise_storage, Linux_enterprise_desktop, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_workstation_extension, Manager_proxy, Manager_server 7.8