Filtered by vendor Linux
Subscriptions
Total
6969 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23481 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-08-02 | 6.4 Medium |
| IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889. | ||||
| CVE-2023-23475 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-08-02 | 4.6 Medium |
| IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. | ||||
| CVE-2023-23454 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-02 | 5.5 Medium |
| cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||||
| CVE-2023-23455 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-02 | 5.5 Medium |
| atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||||
| CVE-2023-23006 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | ||||
| CVE-2023-23208 | 3 Genesys, Linux, Microsoft | 3 Administrator Extension, Linux Kernel, Windows | 2024-08-02 | 6.1 Medium |
| Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. | ||||
| CVE-2023-23039 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.7 Medium |
| An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). | ||||
| CVE-2023-23001 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | ||||
| CVE-2023-22995 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 7.8 High |
| In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. | ||||
| CVE-2023-23004 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | ||||
| CVE-2023-22999 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | ||||
| CVE-2023-22998 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | ||||
| CVE-2023-22997 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | ||||
| CVE-2023-23000 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. | ||||
| CVE-2023-23002 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | ||||
| CVE-2023-22996 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. | ||||
| CVE-2023-23003 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 4.0 Medium |
| In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value. | ||||
| CVE-2023-22878 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-08-02 | 6.2 Medium |
| IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | ||||
| CVE-2023-22875 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-08-02 | 8.4 High |
| IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356. | ||||
| CVE-2023-22870 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-08-02 | 5.9 Medium |
| IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121. | ||||