Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:-
There are 3,268 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2020-10942

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.

Published: March 24, 2020; 6:15:12 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.4 MEDIUM
CVE-2019-4681

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734.

Published: March 24, 2020; 12:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-4719

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.

Published: March 16, 2020; 12:15:12 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-4656

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.

Published: March 16, 2020; 12:15:12 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2019-4619

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.

Published: March 16, 2020; 12:15:12 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-4617

IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645.

Published: March 16, 2020; 12:15:12 PM -0400
V3.1: 4.4 MEDIUM
V2.0: 3.6 LOW
CVE-2020-9383

An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

Published: February 25, 2020; 11:15:11 AM -0500
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2020-4212

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023.

Published: February 24, 2020; 11:15:12 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-4211

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022.

Published: February 24, 2020; 11:15:12 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-4210

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020.

Published: February 24, 2020; 11:15:12 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

Published: February 24, 2020; 9:15:11 AM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2011-4915

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

Published: February 20, 2020; 1:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2012-0055

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.

Published: February 19, 2020; 1:15:09 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-4230

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.

Published: February 19, 2020; 11:15:12 AM -0500
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-4204

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.

Published: February 19, 2020; 11:15:11 AM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-4200

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.

Published: February 19, 2020; 11:15:11 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-4161

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.

Published: February 19, 2020; 11:15:11 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-4135

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.

Published: February 19, 2020; 11:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-21033

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.

Published: February 14, 2020; 11:15:09 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-21032

A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager.

Published: February 14, 2020; 11:15:09 AM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM