Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
security research team vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2022-3328
Race condition in snap-confine's must_mkdir_and_open_with_perms()
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 22.04
Canonical Ubuntu Linux 22.10
Canonical Snapd
1 Github repository
NA
CVE-2014-3689
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
Qemu Qemu
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 10.04
7.8
CVSSv3
CVE-2022-41973
multipath-tools 0.7.7 up to and including 0.9.x prior to 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to c...
Opensvc Multipath-tools
Fedoraproject Fedora 36
Debian Debian Linux 10.0
1 Github repository
7.8
CVSSv3
CVE-2022-41974
multipath-tools 0.7.0 up to and including 0.9.x prior to 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This ...
Opensvc Multipath-tools
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
5.5
CVSSv3
CVE-2021-3155
snapd 2.54.2 and previous versions created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local malicious user to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54...
Canonical Snapd
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.10
1 Article
7.8
CVSSv3
CVE-2021-4120
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in ...
Canonical Snapd
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.10
Fedoraproject Fedora 34
Fedoraproject Fedora 35
1 Article
8.8
CVSSv3
CVE-2021-44730
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2...
Canonical Snapd
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.10
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2015-0737
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote malicious users to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099.
Cisco Firesight System Software 5.3.1.1
5.9
CVSSv3
CVE-2017-15361
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions prior to 0000000000000422 - 4.34, prior to 000000000000062b - 6.43, and prior to 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for malicious us...
Infineon Trusted Platform Firmware 4.31
Infineon Trusted Platform Firmware 4.32
Infineon Trusted Platform Firmware 6.40
Infineon Trusted Platform Firmware 133.32
Infineon Rsa Library
13 Github repositories
2 Articles
7.8
CVSSv3
CVE-2021-44731
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local malicious user to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing sna...
Canonical Snapd
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.10
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »