Filtered by vendor Linux
Subscribe
Search
Total
5234 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20446 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2021-02-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622. | |||||
| CVE-2021-20412 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192. | |||||
| CVE-2021-20411 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2021-02-12 | 4.8 MEDIUM | 8.1 HIGH |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191. | |||||
| CVE-2021-20409 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188. | |||||
| CVE-2021-20408 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2021-02-12 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187. | |||||
| CVE-2021-20407 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 198185. | |||||
| CVE-2021-20406 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2021-02-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 198184. | |||||
| CVE-2019-19319 | 3 Linux, Opensuse, Redhat | 3 Linux Kernel, Leap, Enterprise Linux | 2021-02-09 | 4.4 MEDIUM | 6.5 MEDIUM |
| In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. | |||||
| CVE-2014-3153 | 4 Linux, Opensuse, Redhat and 1 more | 7 Linux Kernel, Opensuse, Enterprise Linux Server Aus and 4 more | 2021-02-08 | 7.2 HIGH | N/A |
| The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. | |||||
| CVE-2020-5032 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2021-02-04 | 3.3 LOW | 4.3 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178. | |||||
| CVE-2020-4934 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2021-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752. | |||||
| CVE-2020-35513 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2021-02-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. | |||||
| CVE-2020-4642 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2021-01-30 | 2.1 LOW | 5.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the "DB2 Management Service". | |||||
| CVE-2020-4949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2021-01-29 | 6.4 MEDIUM | 8.2 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025. | |||||
| CVE-2020-4952 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-29 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028. | |||||
| CVE-2020-4189 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850. | |||||
| CVE-2020-4889 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2021-01-29 | 2.1 LOW | 3.3 LOW |
| IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971. | |||||
| CVE-2019-19462 | 5 Canonical, Debian, Linux and 2 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2021-01-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. | |||||
| CVE-2021-21107 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-01-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2018-5953 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2021-01-28 | 2.1 LOW | 5.5 MEDIUM |
| The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. | |||||
| CVE-2020-28974 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2021-01-27 | 6.1 MEDIUM | 5.0 MEDIUM |
| A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. | |||||
| CVE-2020-4688 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-22 | 7.2 HIGH | 7.8 HIGH |
| IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700. | |||||
| CVE-2020-4921 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-22 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398. | |||||
| CVE-2021-21009 | 3 Adobe, Linux, Microsoft | 3 Campaign Classic, Linux Kernel, Windows | 2021-01-21 | 5.0 MEDIUM | 8.6 HIGH |
| Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources. | |||||
| CVE-2020-25220 | 1 Linux | 1 Linux Kernel | 2021-01-20 | 7.2 HIGH | 7.8 HIGH |
| The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature. | |||||
| CVE-2020-4604 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861. | |||||
| CVE-2020-4602 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836. | |||||
| CVE-2020-4600 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832. | |||||
| CVE-2020-4599 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-01-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824. | |||||
| CVE-2018-18689 | 13 Apple, Avanquest, Foxitsoftware and 10 more | 20 Macos, Expert Pdf Ultimate, Pdf Experte Ultimate and 17 more | 2021-01-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop. | |||||
| CVE-2018-16042 | 5 Adobe, Apple, Iskysoft and 2 more | 8 Acrobat Dc, Acrobat Reader Dc, Reader and 5 more | 2021-01-14 | 6.4 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-18688 | 11 Apple, Code-industry, Foxitsoftware and 8 more | 16 Macos, Master Pdf Editor, Foxit Reader and 13 more | 2021-01-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader. | |||||
| CVE-2021-1060 | 7 Citrix, Linux, Microsoft and 4 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2021-01-14 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2021-1053 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Gpu Driver | 2021-01-14 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service. | |||||
| CVE-2020-27835 | 1 Linux | 1 Infiniband Hfi1 Driver | 2021-01-14 | 4.9 MEDIUM | 4.4 MEDIUM |
| A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system. | |||||
| CVE-2020-5018 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654. | |||||
| CVE-2020-14331 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2021-01-13 | 7.2 HIGH | 6.6 MEDIUM |
| A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2019-20934 | 1 Linux | 1 Linux Kernel | 2021-01-12 | 5.4 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. | |||||
| CVE-2020-5021 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-01-11 | 3.6 LOW | 4.4 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657. | |||||
| CVE-2020-5020 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 193656. | |||||
| CVE-2020-5019 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-01-11 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 193655. | |||||
| CVE-2020-4762 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2021-01-08 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896. | |||||
| CVE-2020-4761 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2021-01-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895. | |||||
| CVE-2020-35963 | 2 Linux, Treasuredata | 2 Linux Kernel, Fluent Bit | 2021-01-08 | 6.8 MEDIUM | 7.8 HIGH |
| flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion. | |||||
| CVE-2019-4728 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2021-01-07 | 9.0 HIGH | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452. | |||||
| CVE-2018-13096 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2021-01-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image. | |||||
| CVE-2018-5332 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2021-01-05 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). | |||||
| CVE-2018-13099 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2021-01-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. | |||||
| CVE-2017-11473 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2021-01-05 | 7.2 HIGH | 7.8 HIGH |
| Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table. | |||||
| CVE-2017-7889 | 1 Linux | 1 Linux Kernel | 2021-01-05 | 7.2 HIGH | 7.8 HIGH |
| The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | |||||