U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:-
There are 3,912 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2023-45240

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

Published: October 05, 2023; 6:15:12 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-44214

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

Published: October 05, 2023; 6:15:12 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-44212

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477.

Published: October 05, 2023; 6:15:12 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2023-44211

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391.

Published: October 05, 2023; 6:15:12 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2023-42755

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

Published: October 05, 2023; 3:15:11 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-42754

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.

Published: October 05, 2023; 3:15:11 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-43799

Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue.

Published: October 04, 2023; 5:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-44210

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258.

Published: October 04, 2023; 4:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-44209

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.

Published: October 04, 2023; 4:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-39191

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

Published: October 04, 2023; 3:15:10 PM -0400
V3.1: 8.2 HIGH
V2.0:(not available)
CVE-2022-43906

IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897.

Published: October 04, 2023; 10:15:10 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-4732

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.

Published: October 03, 2023; 1:15:09 PM -0400
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2023-5345

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.

Published: October 02, 2023; 11:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-3967

Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS.This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.

Published: October 02, 2023; 10:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-3335

Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local usersĀ  to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.

Published: October 02, 2023; 10:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-44466

An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.

Published: September 29, 2023; 2:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-42756

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.

Published: September 28, 2023; 10:15:21 AM -0400
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2023-44207

Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

Published: September 27, 2023; 11:19:39 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-44206

Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

Published: September 27, 2023; 11:19:39 AM -0400
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2023-44205

Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

Published: September 27, 2023; 11:19:39 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)