U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:-
There are 3,912 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2023-4328

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows

Published: August 15, 2023; 3:15:11 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-4327

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux

Published: August 15, 2023; 3:15:11 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-38741

IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905.

Published: August 14, 2023; 2:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-40283

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.

Published: August 13, 2023; 11:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-23208

Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.

Published: August 13, 2023; 5:15:09 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-24016

Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access.

Published: August 10, 2023; 11:15:18 PM -0400
V3.1: 7.3 HIGH
V2.0:(not available)
CVE-2023-4273

A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.

Published: August 09, 2023; 11:15:09 AM -0400
V3.1: 6.7 MEDIUM
V2.0:(not available)
CVE-2023-20562

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.

Published: August 08, 2023; 2:15:11 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-20561

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.

Published: August 08, 2023; 2:15:11 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-20556

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.

Published: August 08, 2023; 2:15:11 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-4194

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.

Published: August 07, 2023; 10:15:11 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-4147

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

Published: August 07, 2023; 10:15:11 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-4136

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.

Published: August 03, 2023; 11:15:34 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-4133

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.

Published: August 03, 2023; 11:15:33 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-4132

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.

Published: August 03, 2023; 11:15:32 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-4010

A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.

Published: July 31, 2023; 1:15:10 PM -0400
V3.1: 4.6 MEDIUM
V2.0:(not available)
CVE-2023-3773

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

Published: July 25, 2023; 12:15:11 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2023-3772

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.

Published: July 25, 2023; 12:15:11 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2023-3640

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.

Published: July 24, 2023; 12:15:13 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-3567

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

Published: July 24, 2023; 12:15:12 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)