Filtered by vendor Linux
Subscribe
Total
7096 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4269 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. | |||||
CVE-2022-22449 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-02-28 | N/A | 5.3 MEDIUM |
IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915. | |||||
CVE-2023-27875 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2024-02-28 | N/A | 7.5 HIGH |
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. | |||||
CVE-2022-22461 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-02-28 | N/A | 7.5 HIGH |
IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007. | |||||
CVE-2022-35720 | 3 Ibm, Linux, Microsoft | 6 Aix, Linux On Ibm Z, Sterling External Authentication Server and 3 more | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. | |||||
CVE-2022-42438 | 2 Ibm, Linux | 2 Cloud Pak For Multicloud Management Monitoring, Linux Kernel | 2024-02-28 | N/A | 8.8 HIGH |
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. | |||||
CVE-2023-22997 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | |||||
CVE-2022-31701 | 2 Linux, Vmware | 4 Linux Kernel, Access, Cloud Foundation and 1 more | 2024-02-28 | N/A | 5.3 MEDIUM |
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | |||||
CVE-2022-47983 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161. | |||||
CVE-2022-4382 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 6.4 MEDIUM |
A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. | |||||
CVE-2023-0196 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2024-02-28 | N/A | 3.3 LOW |
NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service. | |||||
CVE-2022-3105 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). | |||||
CVE-2022-4378 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 7.8 HIGH |
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
CVE-2023-1390 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 7.5 HIGH |
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. | |||||
CVE-2023-22868 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117. | |||||
CVE-2022-34680 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | N/A | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. | |||||
CVE-2023-0240 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 7.8 HIGH |
There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. | |||||
CVE-2022-34676 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-02-28 | N/A | 7.8 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering. | |||||
CVE-2022-22458 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009. | |||||
CVE-2020-36611 | 2 Hitachi, Linux | 2 Tuning Manager, Linux Kernel | 2024-02-28 | N/A | 7.1 HIGH |
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00. |