Filtered by vendor Linux
Subscriptions
Filtered by product Linux Kernel
Subscriptions
Total
12671 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38431 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410s and 3 more | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read. | ||||
| CVE-2023-38430 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410s and 3 more | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read. | ||||
| CVE-2023-38428 | 2 Linux, Netapp | 7 Linux Kernel, H300s, H410s and 4 more | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read. | ||||
| CVE-2023-38426 | 2 Linux, Netapp | 7 Linux Kernel, H300s, H410s and 4 more | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length. | ||||
| CVE-2023-38409 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Rhel Aus and 5 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info). | ||||
| CVE-2023-38364 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 6.1 Medium |
| IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260821. | ||||
| CVE-2023-38363 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 4.3 Medium |
| IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818. | ||||
| CVE-2023-38361 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.9 Medium |
| IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. | ||||
| CVE-2023-38268 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. | ||||
| CVE-2023-37454 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this. | ||||
| CVE-2023-35906 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-11-21 | 5.3 Medium |
| IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. | ||||
| CVE-2023-35898 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352. | ||||
| CVE-2023-35896 | 3 Ibm, Linux, Microsoft | 3 Content Navigator, Linux Kernel, Windows | 2024-11-21 | 5.4 Medium |
| IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. | ||||
| CVE-2023-35893 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 9.9 Critical |
| IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824. | ||||
| CVE-2023-35845 | 2 Anaconda, Linux | 2 Anaconda3, Linux Kernel | 2024-11-21 | 4.7 Medium |
| Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected. | ||||
| CVE-2023-35829 | 2 Linux, Netapp | 5 Linux Kernel, H300s, H410s and 2 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. | ||||
| CVE-2023-35828 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2024-11-21 | 7 High |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. | ||||
| CVE-2023-35827 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. | ||||
| CVE-2023-35826 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. | ||||
| CVE-2023-35020 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Control Center and 2 more | 2024-11-21 | 5.4 Medium |
| IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. | ||||