Filtered by vendor Linux
Subscribe
Total
7095 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26545 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-02-28 | N/A | 4.7 MEDIUM |
| In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | |||||
| CVE-2023-0266 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 7.8 HIGH |
| A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e | |||||
| CVE-2022-42263 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2024-02-28 | N/A | 7.1 HIGH |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure. | |||||
| CVE-2022-42260 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
| NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
| CVE-2022-34361 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2024-02-28 | N/A | 7.5 HIGH |
| IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. | |||||
| CVE-2020-36652 | 2 Hitachi, Linux | 6 Automation Director, Infrastructure Analytics Advisor, Ops Center Analyzer and 3 more | 2024-02-28 | N/A | 7.1 HIGH |
| Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00. | |||||
| CVE-2022-42343 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-02-28 | N/A | 6.5 MEDIUM |
| Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-4127 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service. | |||||
| CVE-2023-0615 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
| A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled. | |||||
| CVE-2022-45934 | 4 Debian, Fedoraproject, Linux and 1 more | 13 Debian Linux, Fedora, Linux Kernel and 10 more | 2024-02-28 | N/A | 7.8 HIGH |
| An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | |||||
| CVE-2023-0394 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. | |||||
| CVE-2022-4129 | 2 Fedoraproject, Linux | 2 Fedora, Layer 2 Tunneling Protocol | 2024-02-28 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | |||||
| CVE-2023-23039 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.7 MEDIUM |
| An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). | |||||
| CVE-2022-47519 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. | |||||
| CVE-2022-47521 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. | |||||
| CVE-2022-43869 | 2 Ibm, Linux | 3 Elastic Storage System, Spectrum Scale, Linux Kernel | 2024-02-28 | N/A | 6.5 MEDIUM |
| IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539. | |||||
| CVE-2022-26386 | 3 Apple, Linux, Mozilla | 4 Macos, Linux Kernel, Firefox Esr and 1 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7. | |||||
| CVE-2022-42436 | 4 Ibm, Linux, Microsoft and 1 more | 7 Aix, I, Linux On Ibm Z and 4 more | 2024-02-28 | N/A | 3.3 LOW |
| IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. | |||||
| CVE-2023-24960 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333 | |||||
| CVE-2022-40607 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2024-02-28 | N/A | 6.8 MEDIUM |
| IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740. | |||||