Vulnerabilities > Kernel > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2020-21583 Unspecified vulnerability in Kernel Util-Linux
An issue in hwclock.13-v2.27 allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date.
local
low complexity
kernel
6.7
2022-08-23 CVE-2021-3995 Files or Directories Accessible to External Parties vulnerability in multiple products
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem.
local
low complexity
kernel fedoraproject CWE-552
5.5
2022-08-23 CVE-2021-3996 Files or Directories Accessible to External Parties vulnerability in multiple products
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem.
local
low complexity
kernel fedoraproject CWE-552
5.5
2022-02-21 CVE-2022-0563 Information Exposure Through an Error Message vulnerability in multiple products
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support.
local
low complexity
kernel netapp CWE-209
5.5
2021-07-30 CVE-2021-37600 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
local
low complexity
kernel netapp CWE-190
5.5
2020-05-26 CVE-2020-10751 Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in multiple products
A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message.
local
low complexity
kernel redhat CWE-349
6.1
2017-04-11 CVE-2016-5011 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
local
low complexity
kernel redhat ibm
4.9
2009-09-22 CVE-2009-3288 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD.
local
low complexity
kernel linux CWE-119
4.9
2001-12-31 CVE-2001-1494 Link Following vulnerability in multiple products
The script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
local
low complexity
kernel avaya CWE-59
5.5