Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-6039 |
A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. Published: November 09, 2023; 10:15:09 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-3282 |
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. Published: November 08, 2023; 1:15:07 PM -0500 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-5090 |
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Published: November 06, 2023; 6:15:09 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-47233 |
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. Published: November 03, 2023; 5:15:17 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-1476 |
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. Published: November 03, 2023; 5:15:13 AM -0400 |
V3.1: 7.0 HIGH V2.0:(not available) |
CVE-2023-1194 |
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. Published: November 03, 2023; 4:15:07 AM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2023-31102 |
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. Published: November 03, 2023; 12:15:20 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-35896 |
IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. Published: November 02, 2023; 11:15:07 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-43018 |
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. Published: November 02, 2023; 8:15:12 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-42029 |
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. Published: November 02, 2023; 8:15:12 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-42027 |
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. Published: November 02, 2023; 8:15:12 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-31022 |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. Published: November 02, 2023; 3:15:41 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-31018 |
NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service. Published: November 02, 2023; 3:15:41 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-3397 |
A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information. Published: November 01, 2023; 4:15:08 PM -0400 |
V3.1: 6.3 MEDIUM V2.0:(not available) |
CVE-2023-1193 |
A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work. Published: November 01, 2023; 4:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-1192 |
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service. Published: November 01, 2023; 4:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-5178 |
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. Published: November 01, 2023; 1:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-5847 |
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. Published: November 01, 2023; 12:15:08 PM -0400 |
V3.1: 7.3 HIGH V2.0:(not available) |
CVE-2023-47104 |
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters. Published: October 30, 2023; 3:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2020-36767 |
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data. Published: October 30, 2023; 3:15:07 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |