Filtered by vendor Linux
Subscriptions
Filtered by product Linux Kernel
Subscriptions
Total
7526 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23005 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached. | ||||
| CVE-2023-25069 | 2 Linux, Trendmicro | 2 Linux Kernel, Txone Stellarone | 2024-08-02 | 8.8 High |
| TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to. Please note: an attacker must first obtain a low-privileged authenticated user's profile on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-24964 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-08-02 | 6.2 Medium |
| IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463. | ||||
| CVE-2023-24960 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-08-02 | 7.5 High |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333 | ||||
| CVE-2023-25012 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 4.6 Medium |
| The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | ||||
| CVE-2023-24016 | 2 Intel, Linux | 2 Quartus Prime, Linux Kernel | 2024-08-02 | 6.7 Medium |
| Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-23586 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring | ||||
| CVE-2023-23559 | 3 Debian, Linux, Netapp | 3 Debian Linux, Linux Kernel, Hci Baseboard Management Controller | 2024-08-02 | 7.8 High |
| In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | ||||
| CVE-2023-23477 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-08-02 | 8.1 High |
| IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | ||||
| CVE-2023-23482 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-08-02 | 5.4 Medium |
| IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891. | ||||
| CVE-2023-23480 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-08-02 | 5.4 Medium |
| IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885. | ||||
| CVE-2023-23481 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-08-02 | 6.4 Medium |
| IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889. | ||||
| CVE-2023-23475 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-08-02 | 4.6 Medium |
| IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. | ||||
| CVE-2023-23454 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-02 | 5.5 Medium |
| cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||||
| CVE-2023-23455 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-02 | 5.5 Medium |
| atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||||
| CVE-2023-23006 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | ||||
| CVE-2023-23039 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.7 Medium |
| An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). | ||||
| CVE-2023-23001 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | ||||
| CVE-2023-22995 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 7.8 High |
| In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. | ||||
| CVE-2023-23004 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | ||||