Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-4328 |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows Published: August 15, 2023; 3:15:11 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-4327 |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux Published: August 15, 2023; 3:15:11 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-38741 |
IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905. Published: August 14, 2023; 2:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-40283 |
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. Published: August 13, 2023; 11:15:09 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-23208 |
Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. Published: August 13, 2023; 5:15:09 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-24016 |
Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:18 PM -0400 |
V3.1: 7.3 HIGH V2.0:(not available) |
CVE-2023-4273 |
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. Published: August 09, 2023; 11:15:09 AM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-20562 |
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. Published: August 08, 2023; 2:15:11 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20561 |
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. Published: August 08, 2023; 2:15:11 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-20556 |
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. Published: August 08, 2023; 2:15:11 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-4194 |
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. Published: August 07, 2023; 10:15:11 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-4147 |
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Published: August 07, 2023; 10:15:11 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-4136 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27. Published: August 03, 2023; 11:15:34 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-4133 |
A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. Published: August 03, 2023; 11:15:33 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-4132 |
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. Published: August 03, 2023; 11:15:32 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-4010 |
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service. Published: July 31, 2023; 1:15:10 PM -0400 |
V3.1: 4.6 MEDIUM V2.0:(not available) |
CVE-2023-3773 |
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. Published: July 25, 2023; 12:15:11 PM -0400 |
V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2023-3772 |
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. Published: July 25, 2023; 12:15:11 PM -0400 |
V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2023-3640 |
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system. Published: July 24, 2023; 12:15:13 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-3567 |
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. Published: July 24, 2023; 12:15:12 PM -0400 |
V3.1: 7.1 HIGH V2.0:(not available) |