Filtered by vendor Linux
Subscriptions
Total
6969 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20557 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-09-16 | 7.2 High |
| IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184. | ||||
| CVE-2021-29769 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2024-09-16 | 4.3 Medium |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769. | ||||
| CVE-2020-4165 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-09-16 | 5.4 Medium |
| IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401. | ||||
| CVE-2021-44203 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-16 | 5.4 Medium |
| Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | ||||
| CVE-2020-4636 | 2 Ibm, Linux | 2 Resilient Security Orchestration Automation And Response, Linux Kernel | 2024-09-16 | 7.2 High |
| IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. | ||||
| CVE-2021-38948 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-09-16 | 9.1 Critical |
| IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402. | ||||
| CVE-2020-5024 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-09-16 | 7.5 High |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660. | ||||
| CVE-2020-4294 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-09-16 | 6.3 Medium |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404. | ||||
| CVE-2021-20400 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-09-16 | 7.5 High |
| IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074. | ||||
| CVE-2021-44200 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-16 | 5.4 Medium |
| Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | ||||
| CVE-2009-3088 | 2 Ibm, Linux | 2 Tivoli Directory Server, Linux Kernel | 2024-09-16 | N/A |
| Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to have an unspecified impact via unknown vectors that trigger heap corruption, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2019-4617 | 2 Ibm, Linux | 2 Cloud Automation Manager, Linux Kernel | 2024-09-16 | 4.4 Medium |
| IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645. | ||||
| CVE-2018-5486 | 2 Linux, Netapp | 2 Linux Kernel, Oncommand Unified Manager | 2024-09-16 | N/A |
| NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code. | ||||
| CVE-2018-5487 | 2 Linux, Netapp | 2 Linux Kernel, Oncommand Unified Manager | 2024-09-16 | N/A |
| NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | ||||
| CVE-2020-5018 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-09-16 | 7.5 High |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654. | ||||
| CVE-2021-39065 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-09-16 | 9.8 Critical |
| IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958. | ||||
| CVE-2020-4382 | 2 Ibm, Linux | 2 Elastic Storage Server, Linux Kernel | 2024-09-16 | 5.5 Medium |
| IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163. | ||||
| CVE-2020-5017 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2024-09-16 | 5.5 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653. | ||||
| CVE-2021-3490 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-09-16 | 7.8 High |
| The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1). | ||||
| CVE-2022-22318 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Curam Social Program Management and 4 more | 2024-09-16 | 9.8 Critical |
| IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | ||||