Filtered by vendor Linux Subscriptions
Total 8161 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-49387 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 7.5 High
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49388 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 9.1 Critical
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49382 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 4.3 Medium
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49383 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 4.3 Medium
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49384 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 4.3 Medium
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-25707 3 Esri, Linux, Microsoft 3 Portal For Arcgis, Linux Kernel, Windows 2024-10-15 4.8 Medium
There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser (Self XSS). A user cannot be phished into clicking a link to execute code.
CVE-2024-20343 2 Cisco, Linux 2 Ios Xr, Linux Kernel 2024-10-07 5.5 Medium
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system.
CVE-2024-0132 2 Linux, Nvidia 5 Linux Kernel, Container Toolkit, Gpu Operator and 2 more 2024-10-02 9 Critical
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2024-0133 2 Linux, Nvidia 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator 2024-10-02 4.1 Medium
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
CVE-2022-43845 3 Ibm, Linux, Microsoft 3 Aspera Console, Linux Kernel, Windows 2024-09-30 3.7 Low
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
CVE-2021-38963 3 Ibm, Linux, Microsoft 3 Aspera Console, Linux Kernel, Windows 2024-09-30 8 High
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-46958 2 Linux, Nextcloud 2 Linux Kernel, Desktop 2024-09-20 9.1 Critical
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.
CVE-2024-6053 4 Apple, Linux, Microsoft and 1 more 5 Macos, Linux Kernel, Windows and 2 more 2024-09-19 4.3 Medium
Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting.
CVE-2024-0102 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2024-09-16 3.3 Low
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service.
CVE-2024-39747 3 Ibm, Linux, Microsoft 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more 2024-09-16 8.1 High
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
CVE-2024-2881 3 Linux, Microsoft, Wolfssl 4 Linux Kernel, Windows, Wolfcrypt and 1 more 2024-09-04 6.7 Medium
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.
CVE-2024-1545 3 Linux, Microsoft, Wolfssl 4 Linux Kernel, Windows, Wolfcrypt and 1 more 2024-09-04 5.9 Medium
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
CVE-2024-8207 2 Linux, Mongodb 2 Linux Kernel, Mongodb 2024-08-30 6.4 Medium
In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue
CVE-2024-39744 3 Ibm, Linux, Microsoft 5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more 2024-08-23 4.3 Medium
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-39745 3 Ibm, Linux, Microsoft 5 Aix, Sterling Connect, Sterling Connect Direct Web Services and 2 more 2024-08-23 5.9 Medium
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.