CVE-2020-28374
- EPSS 6.56%
- Veröffentlicht 13.01.2021 04:15:12
- Zuletzt bearbeitet 21.11.2024 05:22:41
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c938...
CVE-2021-0342
- EPSS 0.17%
- Veröffentlicht 11.01.2021 21:15:13
- Zuletzt bearbeitet 21.11.2024 05:42:32
In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Ve...
CVE-2020-27835
- EPSS 0.31%
- Veröffentlicht 07.01.2021 18:15:13
- Zuletzt bearbeitet 21.11.2024 05:21:54
A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.
CVE-2020-36158
- EPSS 2.21%
- Veröffentlicht 05.01.2021 05:15:10
- Zuletzt bearbeitet 21.11.2024 05:28:50
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
CVE-2020-27066
- EPSS 0.16%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:20:44
In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-27067
- EPSS 0.14%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:20:44
In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...
CVE-2020-27068
- EPSS 0.75%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:20:44
Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel
CVE-2020-27777
- EPSS 0.5%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:21:48
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use...
CVE-2020-29568
- EPSS 0.35%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:24:13
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue i...
CVE-2020-29569
- EPSS 0.39%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:24:13
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to ru...