Filtered by vendor Linux
Subscribe
Total
6218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4606 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 High Performance Unload Load, Linux Kernel, Windows and 1 more | 2019-12-16 | 6.9 MEDIUM | 7.8 HIGH |
| IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298. | |||||
| CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2019-12-14 | 4.3 MEDIUM | 7.3 HIGH |
| evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | |||||
| CVE-2019-19230 | 3 Broadcom, Linux, Microsoft | 3 Nolio, Linux Kernel, Windows | 2019-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. | |||||
| CVE-2019-19719 | 3 Linux, Microsoft, Tableau | 3 Linux Kernel, Windows, Tableau Server | 2019-12-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. | |||||
| CVE-2019-19227 | 1 Linux | 1 Linux Kernel | 2019-12-12 | 2.1 LOW | 5.5 MEDIUM |
| In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122. | |||||
| CVE-2019-15919 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2019-12-11 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. | |||||
| CVE-2019-15920 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2019-12-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak. | |||||
| CVE-2015-9289 | 1 Linux | 1 Linux Kernel | 2019-12-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. | |||||
| CVE-2013-4486 | 2 Linux, Redhat | 2 Linux Kernel, Zanata | 2019-12-05 | 6.8 MEDIUM | 9.8 CRITICAL |
| Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | |||||
| CVE-2019-19037 | 1 Linux | 1 Linux Kernel | 2019-12-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. | |||||
| CVE-2019-17445 | 2 Eracent, Linux | 7 Eda Agent, Epa Agent, Epm Agent and 4 more | 2019-12-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following. | |||||
| CVE-2019-17446 | 2 Eracent, Linux | 2 Epa Agent, Linux Kernel | 2019-12-04 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path. | |||||
| CVE-2019-10223 | 3 Kubernetes, Linux, Redhat | 3 Kube-state-metrics, Linux Kernel, Openshift Container Platform | 2019-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. | |||||
| CVE-2019-14678 | 6 Hp, Ibm, Linux and 3 more | 15 Hp-ux, Aix, Z\/os and 12 more | 2019-11-22 | 7.5 HIGH | 10.0 CRITICAL |
| SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | |||||
| CVE-2010-2243 | 1 Linux | 1 Linux Kernel | 2019-11-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | |||||
| CVE-2018-20855 | 3 Linux, Netapp, Opensuse | 6 Linux Kernel, Active Iq Performance Analytics Services, Active Iq Unified Manager and 3 more | 2019-11-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | |||||
| CVE-2019-17360 | 4 Hitachi, Linux, Microsoft and 1 more | 8 Device Manager, Infrastructure Analytics Advisor, Replication Manager and 5 more | 2019-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. | |||||
| CVE-2018-21026 | 4 Hitachi, Linux, Microsoft and 1 more | 8 Compute Systems Manager, Device Manager, Replication Manager and 5 more | 2019-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | |||||
| CVE-2019-4652 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2019-11-14 | 3.6 LOW | 7.1 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. | |||||
| CVE-2017-8001 | 2 Dell, Linux | 2 Emc Scaleio, Linux Kernel | 2019-11-14 | 2.1 LOW | 8.4 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. | |||||