Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-34460 |
Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1. Published: June 23, 2023; 4:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-3220 |
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference. Published: June 20, 2023; 4:15:09 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-3022 |
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress. Published: June 19, 2023; 2:15:09 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-35827 |
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. Published: June 18, 2023; 6:15:09 PM -0400 |
V3.1: 7.0 HIGH V2.0:(not available) |
CVE-2023-35824 |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. Published: June 18, 2023; 6:15:09 PM -0400 |
V3.1: 7.0 HIGH V2.0:(not available) |
CVE-2023-35823 |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. Published: June 18, 2023; 6:15:09 PM -0400 |
V3.1: 7.0 HIGH V2.0:(not available) |
CVE-2023-35788 |
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Published: June 16, 2023; 5:15:09 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-3268 |
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Published: June 16, 2023; 3:15:14 PM -0400 |
V3.1: 7.1 HIGH V2.0:(not available) |
CVE-2022-22307 |
IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753. Published: June 14, 2023; 9:15:09 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-34865 |
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature. Published: June 14, 2023; 10:15:10 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-3159 |
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. Published: June 12, 2023; 5:15:22 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-3161 |
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. Published: June 12, 2023; 4:15:12 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-23482 |
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891. Published: June 07, 2023; 10:15:09 PM -0400 |
V3.1: 9.6 CRITICAL V2.0:(not available) |
CVE-2023-23481 |
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889. Published: June 07, 2023; 10:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-23480 |
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885. Published: June 07, 2023; 10:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-33847 |
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102. Published: June 07, 2023; 9:15:09 PM -0400 |
V3.1: 3.1 LOW V2.0:(not available) |
CVE-2023-33846 |
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100. Published: June 07, 2023; 9:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-33849 |
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105. Published: June 07, 2023; 6:15:10 PM -0400 |
V3.1: 3.7 LOW V2.0:(not available) |
CVE-2023-33848 |
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104. Published: June 07, 2023; 5:15:13 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-0041 |
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657. Published: June 04, 2023; 9:15:45 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |