Filtered by vendor Linux
Subscribe
Total
10566 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20556 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2023-11-07 | N/A | 5.5 MEDIUM |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD µProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. | |||||
| CVE-2023-0977 | 3 Linux, Microsoft, Trellix | 3 Linux Kernel, Windows, Agent | 2023-11-07 | N/A | 6.5 MEDIUM |
| A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. | |||||
| CVE-2023-0196 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2023-11-07 | N/A | 3.3 LOW |
| NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service. | |||||
| CVE-2023-0193 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2023-11-07 | N/A | 4.4 MEDIUM |
| NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. | |||||
| CVE-2023-0208 | 2 Linux, Nvidia | 2 Linux Kernel, Data Center Gpu Manager | 2023-11-07 | N/A | 7.1 HIGH |
| NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. | |||||
| CVE-2022-4895 | 2 Hitachi, Linux | 3 Infrastructure Analytics Advisor, Ops Center Analyzer, Linux Kernel | 2023-11-07 | N/A | 8.1 HIGH |
| Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00. | |||||
| CVE-2023-0240 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 7.8 HIGH |
| There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. | |||||
| CVE-2023-0160 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2023-11-07 | N/A | 5.5 MEDIUM |
| A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system. | |||||
| CVE-2022-4696 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 7.8 HIGH |
| There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above | |||||
| CVE-2022-47983 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-11-07 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161. | |||||
| CVE-2022-4126 | 4 Abb, Apple, Linux and 1 more | 4 Rccmd, Macos, Linux Kernel and 1 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207. | |||||
| CVE-2022-43863 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-11-07 | N/A | 7.2 HIGH |
| IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425. | |||||
| CVE-2022-43929 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-11-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. | |||||
| CVE-2022-43917 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2023-11-07 | N/A | 7.5 HIGH |
| IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. | |||||
| CVE-2022-43867 | 2 Ibm, Linux | 2 Spectrum Scale Container Native Storage Access, Linux Kernel | 2023-11-07 | N/A | 7.8 HIGH |
| IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437. | |||||
| CVE-2022-43869 | 2 Ibm, Linux | 3 Elastic Storage System, Spectrum Scale, Linux Kernel | 2023-11-07 | N/A | 6.5 MEDIUM |
| IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539. | |||||
| CVE-2022-43875 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. | |||||
| CVE-2022-43927 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-11-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. | |||||
| CVE-2022-43872 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2023-11-07 | N/A | 5.3 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. | |||||
| CVE-2022-42896 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 8.8 HIGH |
| There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url | |||||