cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-21505,https://securityvulnerability.io/vulnerability/CVE-2022-21505,Linux Kernel Vulnerability Affecting Secure Boot Mechanisms,"In the Linux kernel, a security flaw exists related to the use of Integrity Measurement Architecture (IMA) appraisal with the boot parameter 'ima_appraise=log'. If this parameter is set and Secure Boot is either disabled or not available, the system's lockdown can potentially be exploited using the kexec command. While IMA provides protection by preventing the setting of 'ima_appraise=log' when Secure Boot is enabled, this safeguard does not extend to scenarios where lockdown is operational without Secure Boot. This situation raises significant concerns regarding the confidentiality, integrity, and availability of the affected systems, as malicious actors may exploit this vulnerability to bypass security mechanisms.",Oracle,Oracle Linux,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-24T18:48:23.588Z,0
CVE-2023-22024,https://securityvulnerability.io/vulnerability/CVE-2023-22024,Kernel Crash Vulnerability in Oracle's Unbreakable Enterprise Kernel,"The Unbreakable Enterprise Kernel (UEK) contains a vulnerability in its RDS module, where the setsockopt options RDS_CONN_RESET and RDS6_CONN_RESET are not re-entrant. This flaw allows a malicious local user with CAP_NET_ADMIN privileges to exploit the vulnerability, potentially leading to a system crash. As a result, this can disrupt the availability of the kernel, impacting overall system operations.",Oracle,"Oracle Linux,Oracle Vm",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-20T21:15:00.000Z,0
CVE-2022-21385,https://securityvulnerability.io/vulnerability/CVE-2022-21385,Local User Vulnerability in Oracle Linux Kernel,A flaw identified in the Oracle Linux kernel's net_rds_alloc_sgs() function permits unprivileged local users to initiate a system crash. This vulnerability poses a significant risk as it can disrupt system availability and cause unplanned downtime. It is essential to apply necessary patches to mitigate this exposure.,Oracle,Oracle Linux,6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2022-08-29T20:35:08.000Z,0
CVE-2022-21504,https://securityvulnerability.io/vulnerability/CVE-2022-21504,Use Count Error in Oracle Linux UEK6 U3 Leads to Denial of Service,"A critical issue has been identified in Oracle Linux UEK6 U3 where an inappropriate file descriptor count management leads to a use count error. This flaw permits a socket's file descriptor to be prematurely closed and freed while it is still in operation. Attackers with local access can exploit this vulnerability to manipulate the socket, potentially triggering a denial of service. This situation arises due to concurrency issues in the kernel's file descriptor management.",Oracle,Oracle Linux,5.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-06-14T17:50:10.000Z,0
CVE-2022-21499,https://securityvulnerability.io/vulnerability/CVE-2022-21499,Kernel Debugger Vulnerability in Debian,"This vulnerability allows unauthorized read and write access to kernel memory through the KGDB and KDB interfaces. Attackers with access to the system's serial port can exploit this vulnerability by triggering the kernel debugger, which may not adhere to the lockdown restrictions. This poses a significant threat to the confidentiality, integrity, and availability of the system as it enables potential manipulation or exposure of sensitive kernel memory data.",Oracle,"Oracle Linux,Oracle Vm",6.7,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2022-06-09T20:15:28.000Z,0
CVE-2021-2464,https://securityvulnerability.io/vulnerability/CVE-2021-2464,Filesystem Exposure in Oracle Linux OSwatcher by Oracle,"A vulnerability exists within the OSwatcher component of Oracle Linux, impacting versions 7 and 8. This issue allows low-privileged attackers who are logged into the infrastructure to exploit the vulnerability, potentially leading to compromise of the Oracle Linux environment. Successful exploitation could enable unauthorized control over the system, affecting its confidentiality, integrity, and availability. Users of Oracle Linux are encouraged to apply the necessary patches and maintain vigilant security practices to safeguard against potential attacks.",Oracle,Oracle Linux,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-09-24T18:55:08.000Z,0
CVE-2020-2732,https://securityvulnerability.io/vulnerability/CVE-2020-2732,Vulnerability in KVM Hypervisor Affects Nested Virtualization,"A flaw has been identified in the KVM hypervisor regarding its handling of instruction emulation for L2 guests when nested virtualization is enabled. Under specific conditions, an L2 guest can manipulate the L0 guest into accessing sensitive L1 resources that should otherwise remain inaccessible to the L2 guest. This vulnerability poses significant security risks in environments relying on nested virtualization, as it undermines the expected isolation between virtual machines.",Oracle,Oracle Linux,5.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2020-04-08T21:10:14.000Z,0
CVE-2016-7039,https://securityvulnerability.io/vulnerability/CVE-2016-7039,,"The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.",Oracle,"Vm Server,Linux",7.5,HIGH,0.005080000031739473,false,,false,false,false,,,false,false,,2016-10-16T21:00:00.000Z,0
CVE-2016-0617,https://securityvulnerability.io/vulnerability/CVE-2016-0617,,Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.,Oracle,Linux,5.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2016-09-30T14:00:00.000Z,0
CVE-2016-2776,https://securityvulnerability.io/vulnerability/CVE-2016-2776,,"buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.",Oracle,Linux,7.5,HIGH,0.9714300036430359,false,,false,false,true,2016-09-28T10:07:24.000Z,true,false,false,,2016-09-28T10:00:00.000Z,0
CVE-2016-6250,https://securityvulnerability.io/vulnerability/CVE-2016-6250,,"Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.",Oracle,Linux,8.6,HIGH,0.014209999702870846,false,,false,false,false,,,false,false,,2016-09-21T14:00:00.000Z,0
CVE-2016-5408,https://securityvulnerability.io/vulnerability/CVE-2016-5408,,Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.,Oracle,Linux,9.8,CRITICAL,0.005169999785721302,false,,false,false,false,,,false,false,,2016-08-10T14:00:00.000Z,0
CVE-2016-6197,https://securityvulnerability.io/vulnerability/CVE-2016-6197,,"fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.",Oracle,Linux,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2016-08-06T20:00:00.000Z,0
CVE-2016-5265,https://securityvulnerability.io/vulnerability/CVE-2016-5265,,"Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.",Oracle,Linux,5.5,MEDIUM,0.0021100000012665987,false,,false,false,false,,,false,false,,2016-08-05T01:00:00.000Z,0
CVE-2016-5252,https://securityvulnerability.io/vulnerability/CVE-2016-5252,,Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.,Oracle,Linux,8.8,HIGH,0.01257999986410141,false,,false,false,false,,,false,false,,2016-08-05T01:00:00.000Z,0
CVE-2016-5258,https://securityvulnerability.io/vulnerability/CVE-2016-5258,,Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.,Oracle,Linux,8.8,HIGH,0.020169999450445175,false,,false,false,false,,,false,false,,2016-08-05T01:00:00.000Z,0
CVE-2016-3587,https://securityvulnerability.io/vulnerability/CVE-2016-3587,,"Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.",Oracle,Linux,9.6,CRITICAL,0.012590000405907631,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-3458,https://securityvulnerability.io/vulnerability/CVE-2016-3458,,"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.",Oracle,"Linux,Jdk,Jre",4.3,MEDIUM,0.004220000002533197,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-3550,https://securityvulnerability.io/vulnerability/CVE-2016-3550,,"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.",Oracle,Linux,4.3,MEDIUM,0.0035699999425560236,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-3615,https://securityvulnerability.io/vulnerability/CVE-2016-3615,,"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.",Oracle,Linux,5.3,MEDIUM,0.02800000086426735,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-3500,https://securityvulnerability.io/vulnerability/CVE-2016-3500,,"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.",Oracle,Linux,5.3,MEDIUM,0.007240000180900097,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-3606,https://securityvulnerability.io/vulnerability/CVE-2016-3606,,"Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.",Oracle,Linux,9.6,CRITICAL,0.021290000528097153,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-5385,https://securityvulnerability.io/vulnerability/CVE-2016-5385,,"PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an ""httpoxy"" issue.",Oracle,"Enterprise Manager Ops Center,Communications User Data Repository,Linux",8.1,HIGH,0.9401500225067139,false,,false,false,false,,,false,false,,2016-07-19T01:00:00.000Z,0
CVE-2016-4554,https://securityvulnerability.io/vulnerability/CVE-2016-4554,,"mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a ""header smuggling"" issue.",Oracle,Linux,8.6,HIGH,0.0036100000143051147,false,,false,false,false,,,false,false,,2016-05-10T19:00:00.000Z,0
CVE-2016-0650,https://securityvulnerability.io/vulnerability/CVE-2016-0650,,"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.",Oracle,Linux,5.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2016-04-21T10:00:00.000Z,0