Linux Security Vulnerabilities
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: ...
5.9CVSS
5.3AI Score
0.001EPSS
IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation. IBM X-Force ID: ...
6.5CVSS
6.2AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.001EPSS
In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID:...
4.4CVSS
4.4AI Score
0.0004EPSS
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID:...
6.5CVSS
6.6AI Score
0.0004EPSS
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID:...
6.5CVSS
6.5AI Score
0.0004EPSS
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID:...
4.2CVSS
4AI Score
0.0004EPSS
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID:...
4.2CVSS
4AI Score
0.0004EPSS
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID:...
6.5CVSS
6.6AI Score
0.0004EPSS
In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID:...
6.5CVSS
6.6AI Score
0.0004EPSS
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID:...
4.2CVSS
4AI Score
0.0004EPSS
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID:...
4.2CVSS
4.4AI Score
0.0004EPSS
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID:...
4.2CVSS
4AI Score
0.0004EPSS
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID:...
6.5CVSS
6.7AI Score
0.001EPSS
In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID:...
6.5CVSS
6.5AI Score
0.0004EPSS
In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID:...
4CVSS
3.9AI Score
0.0004EPSS
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID:...
4.2CVSS
4AI Score
0.0004EPSS
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon...
8.1CVSS
7.2AI Score
0.0004EPSS
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others.....
10CVSS
9.5AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the clear_decompress_bands_data function in which there is no offset validation. Abuse of this vulnerability may lead to an out of...
9.8CVSS
9.3AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the progressive_decompress function. This issue is likely down to incorrect calculations of the nXSrc and nYSrc variables. This issue....
9.8CVSS
9.2AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdi_CreateSurface function. This issue affects FreeRDP based clients only. FreeRDP...
9.8CVSS
9.3AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the general_LumaToYUV444 function. This Out-Of-Bounds Read occurs because processing is done on the in variable without checking if it....
9.1CVSS
9.2AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the zgfx_decompress_segment function. In the context of CopyMemory, it's possible to read data beyond the.....
9.1CVSS
9.1AI Score
0.001EPSS
Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
5.5CVSS
4.7AI Score
0.0004EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the libfreerdp/codec/rfx.c file there is no offset validation in tile->quantIdxY,...
9.1CVSS
9AI Score
0.001EPSS
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build...
5.5CVSS
4AI Score
0.0004EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function gdi_multi_opaque_rect. In particular there is no code to validate if the value...
9.1CVSS
9.3AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values rect->left and rect->top are exactly equal to surface-&g...
9.8CVSS
9.2AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the nsc_rle_decompress_data function. The Out-Of-Bounds Read occurs because it processes context->Planes without checking if it...
7.5CVSS
8.3AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the rfx_process_message_tileset function, the program allocates...
7.5CVSS
8.4AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing RDPGFX_CMDID_RESETGRAPHICS packets. If context->maxPlaneSize is 0,...
9.8CVSS
9.3AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to WINPR_ASSERT with default compilation flags). When an insufficient blockLen is provided, and proper length.....
7.5CVSS
8.4AI Score
0.001EPSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a....
7.5CVSS
8.4AI Score
0.001EPSS
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build...
5.5CVSS
6AI Score
0.0004EPSS
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build...
7.5CVSS
4.7AI Score
0.001EPSS
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: ...
5.3CVSS
4.9AI Score
0.001EPSS
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: ...
7.5CVSS
7AI Score
0.001EPSS
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: ...
3.3CVSS
3.4AI Score
0.0004EPSS
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...
7.5CVSS
7.4AI Score
0.001EPSS
A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information...
7CVSS
5.8AI Score
0.0004EPSS
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
8.8CVSS
8.8AI Score
0.002EPSS
Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path...
7.5CVSS
7.5AI Score
0.0005EPSS
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel...
7.5CVSS
7.1AI Score
0.003EPSS
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software...
9.8CVSS
9.3AI Score
0.001EPSS
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is...
7.5CVSS
8.1AI Score
0.001EPSS
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream...
9.1CVSS
8.8AI Score
0.001EPSS
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before...
7.5CVSS
7.5AI Score
0.0005EPSS
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory...
5.5CVSS
5.7AI Score
0.0004EPSS
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third...
8.8CVSS
8.4AI Score
0.0004EPSS