Search
Total
5167 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47264 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-12-01 | N/A | 7.5 HIGH |
| Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later. | |||||
| CVE-2023-49322 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2023-12-01 | N/A | 7.5 HIGH |
| Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. | |||||
| CVE-2023-49321 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2023-12-01 | N/A | 5.3 MEDIUM |
| Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. | |||||
| CVE-2023-47263 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-12-01 | N/A | 7.5 HIGH |
| Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later. | |||||
| CVE-2023-5972 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2023-11-30 | N/A | 7.8 HIGH |
| A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2022-37425 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2023-11-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | |||||
| CVE-2022-37424 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2023-11-30 | N/A | 6.5 MEDIUM |
| Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. | |||||
| CVE-2022-37426 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2023-11-30 | N/A | 7.5 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. | |||||
| CVE-2023-40363 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-11-29 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332. | |||||
| CVE-2023-38361 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2023-11-29 | N/A | 7.5 HIGH |
| IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. | |||||
| CVE-2022-3643 | 3 Broadcom, Debian, Linux | 3 Bcm5780, Debian Linux, Linux Kernel | 2023-11-29 | N/A | 6.5 MEDIUM |
| Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. | |||||
| CVE-2023-3567 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2023-11-29 | N/A | 7.1 HIGH |
| A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | |||||
| CVE-2023-42752 | 1 Linux | 1 Linux Kernel | 2023-11-29 | N/A | 5.5 MEDIUM |
| An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers. | |||||
| CVE-2023-3777 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-11-29 | N/A | 7.8 HIGH |
| A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. | |||||
| CVE-2023-31436 | 1 Linux | 1 Linux Kernel | 2023-11-29 | N/A | 7.8 HIGH |
| qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. | |||||
| CVE-2023-4732 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-11-28 | N/A | 4.7 MEDIUM |
| A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x. | |||||
| CVE-2023-6176 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-11-23 | N/A | 7.8 HIGH |
| A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2023-38544 | 2 Ivanti, Linux | 2 Secure Access Client, Linux Kernel | 2023-11-22 | N/A | 5.5 MEDIUM |
| A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system. | |||||
| CVE-2015-4036 | 1 Linux | 1 Linux Kernel | 2023-11-21 | 7.2 HIGH | N/A |
| Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced. | |||||
| CVE-2023-4147 | 4 Debian, Fedoraproject, Linux and 1 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2023-11-21 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. | |||||
| CVE-2023-28723 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-28737 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 7.8 HIGH |
| Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36396 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36374 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-22310 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 4.7 MEDIUM |
| Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-22305 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-25949 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-28397 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access. | |||||
| CVE-2023-26589 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allowed an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-31102 | 3 7-zip, Linux, Netapp | 4 7-zip, Linux Kernel, Active Iq Unified Manager and 1 more | 2023-11-20 | N/A | 7.8 HIGH |
| Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. | |||||
| CVE-2022-40752 | 3 Ibm, Linux, Microsoft | 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more | 2023-11-18 | N/A | 9.8 CRITICAL |
| IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. | |||||
| CVE-2021-39077 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2023-11-18 | N/A | 4.4 MEDIUM |
| IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. ? | |||||
| CVE-2023-38427 | 2 Linux, Netapp | 5 Linux Kernel, H300s, H410s and 2 more | 2023-11-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. | |||||
| CVE-2023-32258 | 2 Linux, Netapp | 5 Linux Kernel, H300s, H410s and 2 more | 2023-11-17 | N/A | 8.1 HIGH |
| A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. | |||||
| CVE-2023-38363 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2023-11-17 | N/A | 4.3 MEDIUM |
| IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818. | |||||
| CVE-2023-38364 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2023-11-16 | N/A | 6.1 MEDIUM |
| IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260821. | |||||
| CVE-2023-6039 | 1 Linux | 1 Linux Kernel | 2023-11-16 | N/A | 5.5 MEDIUM |
| A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. | |||||
| CVE-2023-39198 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2023-11-16 | N/A | 6.4 MEDIUM |
| A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. | |||||
| CVE-2023-3282 | 2 Linux, Paloaltonetworks | 2 Linux Kernel, Cortex Xsoar | 2023-11-16 | N/A | 6.7 MEDIUM |
| A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. | |||||
| CVE-2023-44466 | 1 Linux | 1 Linux Kernel | 2023-11-16 | N/A | 8.8 HIGH |
| An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. | |||||
| CVE-2013-4300 | 1 Linux | 1 Linux Kernel | 2023-11-15 | 7.2 HIGH | N/A |
| The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing. | |||||
| CVE-2023-34256 | 3 Debian, Linux, Suse | 3 Debian Linux, Linux Kernel, Linux Enterprise | 2023-11-15 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. | |||||
| CVE-2023-5847 | 3 Linux, Microsoft, Tenable | 4 Linux Kernel, Windows, Nessus and 1 more | 2023-11-14 | N/A | 7.3 HIGH |
| Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. | |||||
| CVE-2023-47233 | 1 Linux | 1 Linux Kernel | 2023-11-14 | N/A | 4.3 MEDIUM |
| The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. | |||||
| CVE-2023-31022 | 8 Canonical, Citrix, Linux and 5 more | 9 Ubuntu Linux, Hypervisor, Linux Kernel and 6 more | 2023-11-13 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. | |||||
| CVE-2023-31018 | 8 Canonical, Citrix, Linux and 5 more | 9 Ubuntu Linux, Hypervisor, Linux Kernel and 6 more | 2023-11-13 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service. | |||||
| CVE-2023-1476 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Enterprise Linux Eus and 3 more | 2023-11-13 | N/A | 7.0 HIGH |
| A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. | |||||
| CVE-2023-0575 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2023-11-10 | N/A | 9.8 CRITICAL |
| External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 | |||||
| CVE-2023-42027 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2023-11-09 | N/A | 8.8 HIGH |
| IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. | |||||
| CVE-2023-42029 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2023-11-09 | N/A | 5.4 MEDIUM |
| IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. | |||||