Filtered by vendor Linux
Subscribe
Total
6218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4310 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2020-06-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081. | |||||
| CVE-2019-20806 | 1 Linux | 1 Linux Kernel | 2020-06-19 | 2.1 LOW | 4.4 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75. | |||||
| CVE-2020-4406 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2020-06-18 | 3.5 LOW | 5.4 MEDIUM |
| IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488. | |||||
| CVE-2020-12654 | 1 Linux | 1 Linux Kernel | 2020-06-16 | 4.3 MEDIUM | 7.1 HIGH |
| An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. | |||||
| CVE-2019-4576 | 2 Ibm, Linux | 2 Qradar Network Packet Capture, Linux Kernel | 2020-06-16 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803. | |||||
| CVE-2020-12657 | 1 Linux | 1 Linux Kernel | 2020-06-13 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. | |||||
| CVE-2020-12652 | 1 Linux | 1 Linux Kernel | 2020-06-13 | 4.7 MEDIUM | 4.1 MEDIUM |
| The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power." | |||||
| CVE-2020-11609 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-06-13 | 4.9 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. | |||||
| CVE-2020-11608 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-06-13 | 4.9 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. | |||||
| CVE-2020-8428 | 1 Linux | 1 Linux Kernel | 2020-06-10 | 3.6 LOW | 7.1 HIGH |
| fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. | |||||
| CVE-2020-11668 | 1 Linux | 1 Linux Kernel | 2020-06-10 | 5.6 MEDIUM | 7.1 HIGH |
| In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | |||||
| CVE-2019-19768 | 1 Linux | 1 Linux Kernel | 2020-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). | |||||
| CVE-2018-14612 | 1 Linux | 1 Linux Kernel | 2020-06-10 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. | |||||
| CVE-2018-14611 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2020-06-10 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c. | |||||
| CVE-2018-14610 | 1 Linux | 1 Linux Kernel | 2020-06-10 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. | |||||
| CVE-2020-4191 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2020-06-05 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852. | |||||
| CVE-2020-4183 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2020-06-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174739. | |||||
| CVE-2020-4509 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2020-06-05 | 5.5 MEDIUM | 7.6 HIGH |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364. | |||||
| CVE-2011-1113 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2020-06-04 | 5.0 MEDIUM | N/A |
| Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-1186 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2020-06-02 | 5.0 MEDIUM | N/A |
| Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code. | |||||