U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:-
There are 3,912 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2023-1192

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.

Published: November 01, 2023; 4:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-5178

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

Published: November 01, 2023; 1:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-5847

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.

Published: November 01, 2023; 12:15:08 PM -0400
V3.1: 7.3 HIGH
V2.0:(not available)
CVE-2023-47104

tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.

Published: October 30, 2023; 3:15:08 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2020-36767

tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.

Published: October 30, 2023; 3:15:07 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-46862

An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.

Published: October 29, 2023; 12:15:11 AM -0400
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2023-46813

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

Published: October 26, 2023; 11:15:08 PM -0400
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2023-43506

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.

Published: October 25, 2023; 2:17:31 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-42031

IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016.

Published: October 25, 2023; 2:17:31 PM -0400
V3.1: 4.9 MEDIUM
V2.0:(not available)
CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Published: October 23, 2023; 6:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-40373

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.

Published: October 16, 2023; 8:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-40372

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.

Published: October 16, 2023; 8:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-38719

IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.

Published: October 16, 2023; 8:15:10 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2023-40374

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.

Published: October 16, 2023; 7:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-30991

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.

Published: October 16, 2023; 7:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-38740

IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.

Published: October 16, 2023; 6:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-38728

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.

Published: October 16, 2023; 6:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-38720

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

Published: October 16, 2023; 5:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-30987

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.

Published: October 16, 2023; 5:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-45898

The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.

Published: October 15, 2023; 11:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)