Search
Total
5167 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1711 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369. | |||||
| CVE-2018-1087 | 4 Canonical, Debian, Linux and 1 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. | |||||
| CVE-2018-1515 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 4.4 MEDIUM | 7.0 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624. | |||||
| CVE-2018-1544 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648. | |||||
| CVE-2018-1448 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 3.6 LOW | 7.1 HIGH |
| IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043. | |||||
| CVE-2018-1427 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072. | |||||
| CVE-2018-1428 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073. | |||||
| CVE-2018-1458 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209. | |||||
| CVE-2018-1566 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023. | |||||
| CVE-2018-1130 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. | |||||
| CVE-2018-1120 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2019-10-09 | 3.5 LOW | 5.3 MEDIUM |
| A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). | |||||
| CVE-2018-1118 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | |||||
| CVE-2018-1565 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022. | |||||
| CVE-2018-16882 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-10-09 | 7.2 HIGH | 8.8 HIGH |
| A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable. | |||||
| CVE-2018-14646 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. | |||||
| CVE-2018-14641 | 1 Linux | 1 Linux Kernel | 2019-10-09 | 7.1 HIGH | 5.9 MEDIUM |
| A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service. | |||||
| CVE-2018-14619 | 1 Linux | 1 Linux Kernel | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges. | |||||
| CVE-2018-14656 | 1 Linux | 1 Linux Kernel | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. | |||||
| CVE-2018-10881 | 4 Canonical, Debian, Linux and 1 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. | |||||
| CVE-2018-10902 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. | |||||
| CVE-2018-10882 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. | |||||
| CVE-2018-10883 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. | |||||
| CVE-2018-10879 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2019-10-09 | 6.1 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. | |||||
| CVE-2017-7558 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. | |||||
| CVE-2017-7518 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this. | |||||
| CVE-2017-7482 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Mrg | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. | |||||
| CVE-2017-2618 | 3 Debian, Linux, Redhat | 8 Debian Linux, Linux Kernel, Enterprise Linux and 5 more | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. | |||||
| CVE-2017-2634 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. | |||||
| CVE-2017-1571 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853. | |||||
| CVE-2017-15128 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG). | |||||
| CVE-2017-12168 | 1 Linux | 1 Linux Kernel | 2019-10-09 | 4.9 MEDIUM | 6.0 MEDIUM |
| The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). | |||||
| CVE-2017-12153 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-09 | 4.9 MEDIUM | 4.4 MEDIUM |
| A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. | |||||
| CVE-2016-9604 | 1 Linux | 1 Linux Kernel | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. | |||||
| CVE-2016-10609 | 2 Chromedriver126 Project, Linux | 2 Chromedriver126, Linux Kernel | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2014-2648 | 2 Hp, Linux | 2 Operations Manager, Linux Kernel | 2019-10-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2013-6208 | 2 Hp, Linux | 2 Smart Update Manager, Linux Kernel | 2019-10-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors. | |||||
| CVE-2012-2016 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2012-2015 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors. | |||||
| CVE-2012-2014 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-09 | 9.0 HIGH | N/A |
| HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors. | |||||
| CVE-2012-2013 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors. | |||||
| CVE-2012-2012 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-09 | 10.0 HIGH | N/A |
| HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2010-3009 | 2 Hp, Linux | 2 System Management Homepage, Linux Kernel | 2019-10-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors. | |||||
| CVE-2010-1034 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2019-10-09 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. | |||||
| CVE-2016-10764 | 1 Linux | 1 Linux Kernel | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead. | |||||
| CVE-2017-18552 | 1 Linux | 1 Linux Kernel | 2019-10-07 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_latency. | |||||
| CVE-2016-10907 | 1 Linux | 1 Linux Kernel | 2019-10-07 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt. | |||||
| CVE-2019-16413 | 1 Linux | 1 Linux Kernel | 2019-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. | |||||
| CVE-2019-15925 | 1 Linux | 1 Linux Kernel | 2019-10-04 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c. | |||||
| CVE-2019-15922 | 1 Linux | 1 Linux Kernel | 2019-10-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. | |||||
| CVE-2019-15918 | 1 Linux | 1 Linux Kernel | 2019-10-04 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21. | |||||