Filtered by vendor Linux
Subscribe
Total
6218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2959 | 1 Linux | 1 Linux Kernel | 2023-05-26 | N/A | 7.0 HIGH |
| A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2023-1195 | 1 Linux | 1 Linux Kernel | 2023-05-26 | N/A | 5.5 MEDIUM |
| A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. | |||||
| CVE-2022-45458 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2023-05-26 | N/A | 7.5 HIGH |
| Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984. | |||||
| CVE-2022-45453 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2023-05-26 | N/A | 7.5 HIGH |
| TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | |||||
| CVE-2022-45450 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2023-05-26 | N/A | 7.5 HIGH |
| Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984. | |||||
| CVE-2023-33203 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-05-26 | N/A | 6.4 MEDIUM |
| The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. | |||||
| CVE-2023-28514 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2023-05-26 | N/A | 5.5 MEDIUM |
| IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. | |||||
| CVE-2022-47984 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-05-26 | N/A | 9.8 CRITICAL |
| IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. | |||||
| CVE-2023-28950 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2023-05-26 | N/A | 5.5 MEDIUM |
| IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. | |||||
| CVE-2023-22878 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-05-26 | N/A | 5.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | |||||
| CVE-2023-28529 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-05-26 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. | |||||
| CVE-2023-32336 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-05-26 | N/A | 9.8 CRITICAL |
| IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. | |||||
| CVE-2023-27863 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2023-05-19 | N/A | 4.9 MEDIUM |
| IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325. | |||||
| CVE-2021-29657 | 1 Linux | 1 Linux Kernel | 2023-05-19 | 6.9 MEDIUM | 7.4 HIGH |
| arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun. | |||||
| CVE-2013-4348 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-05-19 | 7.1 HIGH | N/A |
| The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation. | |||||
| CVE-2013-4563 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-05-19 | 7.1 HIGH | N/A |
| The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. | |||||
| CVE-2014-5077 | 4 Canonical, Linux, Redhat and 1 more | 8 Ubuntu Linux, Linux Kernel, Enterprise Linux Eus and 5 more | 2023-05-19 | 7.1 HIGH | N/A |
| The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. | |||||
| CVE-2018-18559 | 2 Linux, Redhat | 9 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 6 more | 2023-05-16 | 6.8 MEDIUM | 8.1 HIGH |
| In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. | |||||
| CVE-2016-9777 | 1 Linux | 1 Linux Kernel | 2023-05-16 | 6.9 MEDIUM | 7.8 HIGH |
| KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. | |||||
| CVE-2022-47943 | 1 Linux | 1 Linux Kernel | 2023-05-16 | N/A | 8.1 HIGH |
| An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. | |||||