National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): linux
There are 7,469 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2019-1862

A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise.

Published: May 13, 2019; 04:29:03 PM -04:00
V3: 7.2 HIGH
V2: 9.0 HIGH
CVE-2019-11884

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

Published: May 10, 2019; 06:29:00 PM -04:00
V3: 3.3 LOW
V2: 2.1 LOW
CVE-2019-5495

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

Published: May 10, 2019; 04:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-5021

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.

Published: May 08, 2019; 01:29:01 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-11815

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

Published: May 08, 2019; 10:29:00 AM -04:00
V3: 8.1 HIGH
V2: 9.3 HIGH
CVE-2018-6634

A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account.

Published: May 07, 2019; 04:29:01 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-11811

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

Published: May 07, 2019; 10:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-11810

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

Published: May 07, 2019; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 7.8 HIGH
CVE-2018-20836

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

Published: May 07, 2019; 10:29:00 AM -04:00
V3: 8.1 HIGH
V2: 9.3 HIGH
CVE-2019-11683

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.

Published: May 02, 2019; 01:29:02 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2017-18374

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.

Published: May 02, 2019; 01:29:01 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-18373

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.

Published: May 02, 2019; 01:29:01 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-18372

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.

Published: May 02, 2019; 01:29:01 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-18371

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.

Published: May 02, 2019; 01:29:01 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-18370

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.

Published: May 02, 2019; 01:29:00 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-18368

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.

Published: May 02, 2019; 01:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-9621

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

Published: April 30, 2019; 02:29:08 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-20510

The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file.

Published: April 30, 2019; 02:29:07 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-20509

The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file.

Published: April 30, 2019; 02:29:07 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2019-11599

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

Published: April 29, 2019; 02:29:00 PM -04:00
V3: 7.0 HIGH
V2: 6.9 MEDIUM