cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-21505,https://securityvulnerability.io/vulnerability/CVE-2022-21505,Linux Kernel Vulnerability Affecting Secure Boot Mechanisms,"In the Linux kernel, a security flaw exists related to the use of Integrity Measurement Architecture (IMA) appraisal with the boot parameter 'ima_appraise=log'. If this parameter is set and Secure Boot is either disabled or not available, the system's lockdown can potentially be exploited using the kexec command. While IMA provides protection by preventing the setting of 'ima_appraise=log' when Secure Boot is enabled, this safeguard does not extend to scenarios where lockdown is operational without Secure Boot. This situation raises significant concerns regarding the confidentiality, integrity, and availability of the affected systems, as malicious actors may exploit this vulnerability to bypass security mechanisms.",Oracle,Oracle Linux,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-24T18:48:23.588Z,0
CVE-2023-22024,https://securityvulnerability.io/vulnerability/CVE-2023-22024,,"In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",Oracle,"Oracle Linux,Oracle Vm",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-09-20T21:15:00.000Z,0
CVE-2022-21385,https://securityvulnerability.io/vulnerability/CVE-2022-21385,,A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H),Oracle,Oracle Linux,6.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2022-08-29T20:35:08.000Z,0
CVE-2022-21504,https://securityvulnerability.io/vulnerability/CVE-2022-21504,,"The code in UEK6 U3 was missing an appropriate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",Oracle,Oracle Linux,5.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2022-06-14T17:50:10.000Z,0
CVE-2022-21499,https://securityvulnerability.io/vulnerability/CVE-2022-21499,,"KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Oracle,"Oracle Linux,Oracle Vm",6.7,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2022-06-09T20:15:28.000Z,0
CVE-2021-2464,https://securityvulnerability.io/vulnerability/CVE-2021-2464,,"Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",Oracle,Oracle Linux,7.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2021-09-24T18:55:08.000Z,0
CVE-2020-2732,https://securityvulnerability.io/vulnerability/CVE-2020-2732,,"A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.",Oracle,Oracle Linux,5.8,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2020-04-08T21:10:14.000Z,0
CVE-2016-7039,https://securityvulnerability.io/vulnerability/CVE-2016-7039,,"The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.",Oracle,"Vm Server,Linux",7.5,HIGH,0.005080000031739473,false,false,false,false,,false,false,2016-10-16T21:00:00.000Z,0
CVE-2016-0617,https://securityvulnerability.io/vulnerability/CVE-2016-0617,,Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.,Oracle,Linux,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2016-09-30T14:00:00.000Z,0
CVE-2016-2776,https://securityvulnerability.io/vulnerability/CVE-2016-2776,,"buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.",Oracle,Linux,7.5,HIGH,0.9714300036430359,false,false,false,true,true,false,false,2016-09-28T10:00:00.000Z,0
CVE-2016-6250,https://securityvulnerability.io/vulnerability/CVE-2016-6250,,"Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.",Oracle,Linux,8.6,HIGH,0.014209999702870846,false,false,false,false,,false,false,2016-09-21T14:00:00.000Z,0
CVE-2016-5408,https://securityvulnerability.io/vulnerability/CVE-2016-5408,,Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.,Oracle,Linux,9.8,CRITICAL,0.005169999785721302,false,false,false,false,,false,false,2016-08-10T14:00:00.000Z,0
CVE-2016-6197,https://securityvulnerability.io/vulnerability/CVE-2016-6197,,"fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.",Oracle,Linux,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2016-08-06T20:00:00.000Z,0
CVE-2016-5265,https://securityvulnerability.io/vulnerability/CVE-2016-5265,,"Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.",Oracle,Linux,5.5,MEDIUM,0.0021100000012665987,false,false,false,false,,false,false,2016-08-05T01:00:00.000Z,0
CVE-2016-5252,https://securityvulnerability.io/vulnerability/CVE-2016-5252,,Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.,Oracle,Linux,8.8,HIGH,0.01257999986410141,false,false,false,false,,false,false,2016-08-05T01:00:00.000Z,0
CVE-2016-5258,https://securityvulnerability.io/vulnerability/CVE-2016-5258,,Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.,Oracle,Linux,8.8,HIGH,0.020169999450445175,false,false,false,false,,false,false,2016-08-05T01:00:00.000Z,0
CVE-2016-3550,https://securityvulnerability.io/vulnerability/CVE-2016-3550,,"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.",Oracle,Linux,4.3,MEDIUM,0.0035699999425560236,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-3587,https://securityvulnerability.io/vulnerability/CVE-2016-3587,,"Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.",Oracle,Linux,9.6,CRITICAL,0.012590000405907631,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-3458,https://securityvulnerability.io/vulnerability/CVE-2016-3458,,"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.",Oracle,"Linux,Jdk,Jre",4.3,MEDIUM,0.004220000002533197,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-3615,https://securityvulnerability.io/vulnerability/CVE-2016-3615,,"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.",Oracle,Linux,5.3,MEDIUM,0.02800000086426735,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-3606,https://securityvulnerability.io/vulnerability/CVE-2016-3606,,"Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.",Oracle,Linux,9.6,CRITICAL,0.021290000528097153,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-3500,https://securityvulnerability.io/vulnerability/CVE-2016-3500,,"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.",Oracle,Linux,5.3,MEDIUM,0.007240000180900097,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-5385,https://securityvulnerability.io/vulnerability/CVE-2016-5385,,"PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an ""httpoxy"" issue.",Oracle,"Enterprise Manager Ops Center,Communications User Data Repository,Linux",8.1,HIGH,0.9401500225067139,false,false,false,false,,false,false,2016-07-19T01:00:00.000Z,0
CVE-2016-4554,https://securityvulnerability.io/vulnerability/CVE-2016-4554,,"mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a ""header smuggling"" issue.",Oracle,Linux,8.6,HIGH,0.0036100000143051147,false,false,false,false,,false,false,2016-05-10T19:00:00.000Z,0
CVE-2016-0650,https://securityvulnerability.io/vulnerability/CVE-2016-0650,,"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.",Oracle,Linux,5.5,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2016-04-21T10:00:00.000Z,0