Lucene search

K

Linux Security Vulnerabilities

cve
cve

CVE-2023-33849

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: ...

3.7CVSS

3.9AI Score

0.001EPSS

2023-06-07 10:15 PM
20
cve
cve

CVE-2023-33848

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: ...

6.5CVSS

6AI Score

0.001EPSS

2023-06-07 09:15 PM
24
cve
cve

CVE-2023-0666

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running...

6.5CVSS

6.8AI Score

0.001EPSS

2023-06-07 03:15 AM
156
cve
cve

CVE-2023-0668

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running...

6.5CVSS

6.8AI Score

0.001EPSS

2023-06-07 03:15 AM
66
cve
cve

CVE-2023-2603

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-06-06 08:15 PM
158
cve
cve

CVE-2023-2602

A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process...

3.3CVSS

5.5AI Score

0.0004EPSS

2023-06-06 08:15 PM
322
cve
cve

CVE-2023-20716

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796883; Issue ID:...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-06 01:15 PM
13
cve
cve

CVE-2023-20715

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID:...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-06 01:15 PM
15
cve
cve

CVE-2023-20712

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796914; Issue ID:...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-06 01:15 PM
14
cve
cve

CVE-2023-33460

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause...

6.5CVSS

6.5AI Score

0.001EPSS

2023-06-06 12:15 PM
348
cve
cve

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

8.6AI Score

0.013EPSS

2023-06-05 10:15 PM
564
In Wild
cve
cve

CVE-2023-3111

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling...

7.8CVSS

7.4AI Score

0.0004EPSS

2023-06-05 09:15 PM
65
cve
cve

CVE-2023-0041

IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: ...

8.8CVSS

8.1AI Score

0.001EPSS

2023-06-05 01:15 AM
38
cve
cve

CVE-2023-32324

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function format_log_line could allow remote attackers to cause a...

7.5CVSS

5.9AI Score

0.001EPSS

2023-06-01 05:15 PM
197
cve
cve

CVE-2023-2977

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining.....

7.1CVSS

6.7AI Score

0.0004EPSS

2023-06-01 01:15 AM
53
cve
cve

CVE-2023-2598

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege...

7.8CVSS

7.2AI Score

0.0004EPSS

2023-06-01 01:15 AM
60
cve
cve

CVE-2023-2985

A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service...

5.5CVSS

5.8AI Score

0.0004EPSS

2023-06-01 01:15 AM
235
cve
cve

CVE-2023-3006

A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to...

5.5CVSS

6.4AI Score

0.0004EPSS

2023-05-31 08:15 PM
52
cve
cve

CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend...

5.5CVSS

5.8AI Score

0.0004EPSS

2023-05-31 08:15 PM
52
cve
cve

CVE-2022-48502

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in...

7.1CVSS

7AI Score

0.001EPSS

2023-05-31 08:15 PM
57
cve
cve

CVE-2023-25539

Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the...

9.8CVSS

9.8AI Score

0.003EPSS

2023-05-31 05:15 AM
21
cve
cve

CVE-2023-2612

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel...

4.7CVSS

5.2AI Score

0.0004EPSS

2023-05-31 12:15 AM
120
cve
cve

CVE-2023-2952

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture...

6.5CVSS

6.5AI Score

0.001EPSS

2023-05-30 11:15 PM
64
cve
cve

CVE-2023-34152

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes...

9.8CVSS

9.5AI Score

0.004EPSS

2023-05-30 10:15 PM
70
cve
cve

CVE-2023-34151

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of...

5.5CVSS

6.4AI Score

0.001EPSS

2023-05-30 10:15 PM
290
cve
cve

CVE-2023-34153

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO...

7.8CVSS

8.7AI Score

0.0004EPSS

2023-05-30 10:15 PM
278
cve
cve

CVE-2023-2953

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x()...

7.5CVSS

7.3AI Score

0.003EPSS

2023-05-30 10:15 PM
134
cve
cve

CVE-2023-20884

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information...

6.1CVSS

5.9AI Score

0.001EPSS

2023-05-30 04:15 PM
49
cve
cve

CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

6.5CVSS

6.7AI Score

0.001EPSS

2023-05-30 02:15 PM
431
cve
cve

CVE-2023-32307

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to GHSA-8599-x7rq-fr54, several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length....

7.5CVSS

7.6AI Score

0.001EPSS

2023-05-26 11:15 PM
32
cve
cve

CVE-2023-2898

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service...

4.7CVSS

5.9AI Score

0.0004EPSS

2023-05-26 10:15 PM
49
cve
cve

CVE-2023-2879

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture...

7.5CVSS

7.3AI Score

0.001EPSS

2023-05-26 09:15 PM
104
cve
cve

CVE-2023-2858

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture...

6.5CVSS

6.2AI Score

0.001EPSS

2023-05-26 09:15 PM
124
cve
cve

CVE-2023-2857

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture...

6.5CVSS

6.3AI Score

0.001EPSS

2023-05-26 09:15 PM
92
cve
cve

CVE-2023-2855

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture...

6.5CVSS

6.2AI Score

0.001EPSS

2023-05-26 09:15 PM
50
cve
cve

CVE-2023-2854

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture...

6.5CVSS

6.3AI Score

0.001EPSS

2023-05-26 09:15 PM
41
cve
cve

CVE-2023-2856

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture...

6.5CVSS

6.2AI Score

0.001EPSS

2023-05-26 09:15 PM
69
cve
cve

CVE-2023-28321

An improper certificate validation vulnerability exists in...

5.9CVSS

6.2AI Score

0.002EPSS

2023-05-26 09:15 PM
153
cve
cve

CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepki_verify_data_signature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the...

6.5CVSS

6.8AI Score

0.002EPSS

2023-05-26 06:15 PM
252
cve
cve

CVE-2023-1981

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to...

5.5CVSS

5.1AI Score

0.0004EPSS

2023-05-26 06:15 PM
121
cve
cve

CVE-2023-1667

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of...

6.5CVSS

6.4AI Score

0.001EPSS

2023-05-26 06:15 PM
146
cve
cve

CVE-2023-2002

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

6.8CVSS

6.9AI Score

0.0004EPSS

2023-05-26 05:15 PM
112
cve
cve

CVE-2023-32067

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

7.5CVSS

7.5AI Score

0.001EPSS

2023-05-25 11:15 PM
378
cve
cve

CVE-2023-31130

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...

6.4CVSS

7.1AI Score

0.0004EPSS

2023-05-25 10:15 PM
274
cve
cve

CVE-2023-0950

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

7.8CVSS

7.5AI Score

0.001EPSS

2023-05-25 08:15 PM
182
cve
cve

CVE-2023-2255

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would...

5.3CVSS

5.8AI Score

0.001EPSS

2023-05-25 08:15 PM
277
cve
cve

CVE-2023-0459

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond...

6.5CVSS

6.2AI Score

0.0004EPSS

2023-05-25 02:15 PM
361
cve
cve

CVE-2023-30469

Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before...

7.6CVSS

6.1AI Score

0.0005EPSS

2023-05-23 02:15 AM
25
cve
cve

CVE-2023-28709

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was ...

7.5CVSS

7.7AI Score

0.034EPSS

2023-05-22 11:15 AM
459
cve
cve

CVE-2023-33288

An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race...

4.7CVSS

5.5AI Score

0.0004EPSS

2023-05-22 03:15 AM
57
Total number of security vulnerabilities20519