Filtered by vendor Linux
Subscriptions
Filtered by product Linux Kernel
Subscriptions
Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20343 | 2 Cisco, Linux | 2 Ios Xr, Linux Kernel | 2024-10-07 | 5.5 Medium |
| A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system. | ||||
| CVE-2024-0132 | 2 Linux, Nvidia | 5 Linux Kernel, Container Toolkit, Gpu Operator and 2 more | 2024-10-02 | 9 Critical |
| NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0133 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2024-10-02 | 4.1 Medium |
| NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. | ||||
| CVE-2022-43845 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-09-30 | 3.7 Low |
| IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | ||||
| CVE-2021-38963 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-09-30 | 8 High |
| IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2024-46958 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2024-09-20 | 9.1 Critical |
| In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4. | ||||
| CVE-2024-6053 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2024-09-19 | 4.3 Medium |
| Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting. | ||||
| CVE-2024-0102 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2024-09-16 | 3.3 Low |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2024-39747 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-09-16 | 8.1 High |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. | ||||
| CVE-2024-2881 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2024-09-04 | 6.7 Medium |
| Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. | ||||
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2024-09-04 | 5.9 Medium |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | ||||
| CVE-2024-8207 | 2 Linux, Mongodb | 2 Linux Kernel, Mongodb | 2024-08-30 | 6.4 Medium |
| In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue | ||||
| CVE-2024-39744 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more | 2024-08-23 | 4.3 Medium |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2024-39745 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more | 2024-08-23 | 5.9 Medium |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-39746 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more | 2024-08-23 | 5.9 Medium |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||