accipiter7 / alpha-1
License: Other
Linux Stable -rc releases
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Found in HEAD commit: f7ef149bc2f2a05a188cb42db25586d7e0e29579
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
Publish Date: 2019-05-10
URL: CVE-2019-11884
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11884
Release Date: 2019-05-10
Fix Resolution: 5.0.15
Step up your Open Source Security Game with WhiteSource here
Library home page: https://github.com/sfjro/aufs4-linux.git
Found in HEAD commit: f7ef149bc2f2a05a188cb42db25586d7e0e29579
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
Publish Date: 2018-03-10
URL: CVE-2018-8043
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-8043
Release Date: 2018-03-10
Fix Resolution: v4.16-rc1
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a (highly privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep, and the underlying device is removed during this time, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes because the cdev structure pointed to by the inode is invalid (already freed).
Publish Date: 2020-05-08
URL: CVE-2020-10690
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10690
Release Date: 2020-05-08
Fix Resolution: v5.5-rc5
** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here."
Publish Date: 2016-02-08
URL: CVE-2015-8709
Base Score Metrics:
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1034899
Fix Resolution: The vendor has issued a source code fix [in December 2015], available at:
Linux kernel source tree
Library home page: https://github.com/kusumi/linux.git
Found in HEAD commit: 2a6048805ddf1b45ed7225c138c52761e360c5dd
vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.
Publish Date: 2019-11-25
URL: CVE-2019-19252
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19252
Release Date: 2019-11-25
Fix Resolution: v5.5-rc1
Linux kernel source tree
Library home page: https://github.com/kusumi/linux.git
Found in HEAD commit: 2a6048805ddf1b45ed7225c138c52761e360c5dd
** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue.
Publish Date: 2019-05-28
URL: CVE-2019-12379
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12379
Release Date: 2019-05-28
Fix Resolution: v5.1-rc6
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
Publish Date: 2018-03-15
URL: CVE-2017-18232
Base Score Metrics:
Type: Change files
Origin: torvalds/linux@0558f33
Release Date: 2018-01-11
Fix Resolution: Replace or update the following files: sas_expander.c, sas_discover.c, sas_port.c, libsas.h, sas_internal.h, sas_ata.c, scsi_transport_sas.h
Linux kernel source tree
Library home page: https://github.com/kusumi/linux.git
Found in HEAD commit: 2a6048805ddf1b45ed7225c138c52761e360c5dd
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
Publish Date: 2019-12-12
URL: CVE-2019-19769
Base Score Metrics:
Linux Stable -rc releases
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Found in HEAD commit: f7ef149bc2f2a05a188cb42db25586d7e0e29579
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.
Publish Date: 2020-01-16
URL: CVE-2019-18282
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18282
Release Date: 2020-01-16
Fix Resolution: 5.3.10
Library home page: https://github.com/sfjro/aufs4-linux.git
Found in HEAD commit: f7ef149bc2f2a05a188cb42db25586d7e0e29579
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver.
Publish Date: 2019-08-19
URL: CVE-2019-15223
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15223
Release Date: 2019-08-19
Fix Resolution: v5.3-rc3
Kernel tree for Qualcomm chipsets
Library home page: https://android.googlesource.com/kernel/msm
Found in HEAD commit: f7ef149bc2f2a05a188cb42db25586d7e0e29579
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
Publish Date: 2018-07-03
URL: CVE-2018-13094
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13094
Release Date: 2018-07-03
Fix Resolution: v4.18-rc1
Linux kernel source tree
Library home page: https://github.com/kusumi/linux.git
Found in HEAD commit: f7ef149bc2f2a05a188cb42db25586d7e0e29579
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to the host running Linux kernel 4.10 with a guest running Linux kernel 4.16 or later. The problem mainly affects AMD processors, but Intel CPUs cannot be ruled out.
Publish Date: 2020-01-31
URL: CVE-2019-3016
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016
Release Date: 2020-01-31
Fix Resolution: v5.6-rc1
Modules tree
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux.git
Found in HEAD commit: 2a6048805ddf1b45ed7225c138c52761e360c5dd
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Publish Date: 2018-12-18
URL: CVE-2018-16884
Base Score Metrics:
Type: Change files
Origin: torvalds/linux@d4b09ac#diff-976c52e84334e5a1dc6391ee4bc36d3e
Release Date: 2018-12-28
Fix Resolution: Replace or update the following files: svc.c, svc.h, svcsock.c, svc_xprt.c, sunrpc.h
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: f7ef149bc2f2a05a188cb42db25586d7e0e29579
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.
Publish Date: 2018-08-10
URL: CVE-2018-7754
Base Score Metrics:
Linux kernel source tree
Library home page: https://github.com/kusumi/linux.git
Found in HEAD commit: 2a6048805ddf1b45ed7225c138c52761e360c5dd
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
Publish Date: 2016-06-27
URL: CVE-2016-1583
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-1583
Release Date: 2016-06-27
Fix Resolution: 4.6.3
Linux kernel source tree
Library home page: https://github.com/kusumi/linux.git
Found in HEAD commit: 2a6048805ddf1b45ed7225c138c52761e360c5dd
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.
Publish Date: 2015-05-27
URL: CVE-2014-9710
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-9710
Release Date: 2015-05-27
Fix Resolution: 3.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: f7ef149bc2f2a05a188cb42db25586d7e0e29579
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
Publish Date: 2019-10-18
URL: CVE-2019-18198
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18198
Release Date: 2019-10-18
Fix Resolution: v5.4-rc1