Filtered by vendor Linux Subscriptions
Filtered by product Linux Kernel Subscriptions
Total 8133 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-1999-0128 5 Digital, Ibm, Linux and 2 more 9 Osf 1, Aix, Sng and 6 more 2024-11-20 N/A
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
CVE-1999-0074 4 Freebsd, Linux, Microsoft and 1 more 4 Freebsd, Linux Kernel, Windows Nt and 1 more 2024-11-20 N/A
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
CVE-1999-0061 4 Bsdi, Freebsd, Linux and 1 more 4 Bsd Os, Freebsd, Linux Kernel and 1 more 2024-11-20 N/A
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
CVE-2024-39726 3 Ibm, Linux, Microsoft 4 Engineering Insights, Engineering Lifecycle Optimization - Engineering Insights, Linux Kernel and 1 more 2024-11-19 8.2 High
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2023-4134 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2024-11-18 5.5 Medium
A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service.
CVE-2024-45642 2 Ibm, Linux 2 Security Qradar Edr, Linux Kernel 2024-11-16 5.3 Medium
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45099 2 Ibm, Linux 2 Security Qradar Edr, Linux Kernel 2024-11-16 3.1 Low
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-0134 2 Linux, Nvidia 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator 2024-11-08 4.1 Medium
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.
CVE-2024-0129 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2024-11-08 6.3 Medium
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.
CVE-2024-31880 4 Ibm, Linux, Microsoft and 1 more 4 Db2, Linux Kernel, Windows and 1 more 2024-11-06 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
CVE-2024-45071 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2024-10-21 5.5 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45072 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2024-10-21 5.5 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2024-49387 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 7.5 High
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49388 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 9.1 Critical
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49382 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 4.3 Medium
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49383 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 4.3 Medium
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49384 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 4.3 Medium
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-25707 3 Esri, Linux, Microsoft 3 Portal For Arcgis, Linux Kernel, Windows 2024-10-15 4.8 Medium
There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser (Self XSS). A user cannot be phished into clicking a link to execute code.
CVE-2024-20343 2 Cisco, Linux 2 Ios Xr, Linux Kernel 2024-10-07 5.5 Medium
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system.
CVE-2024-0132 2 Linux, Nvidia 5 Linux Kernel, Container Toolkit, Gpu Operator and 2 more 2024-10-02 9 Critical
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.