Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Total 5530 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4459 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-04-25 N/A 5.5 MEDIUM
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
CVE-2023-4320 1 Redhat 1 Satellite 2024-04-25 N/A 7.5 HIGH
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.
CVE-2023-40551 2 Fedoraproject, Redhat 3 Fedora, Enterprise Linux, Shim 2024-04-25 N/A 5.1 MEDIUM
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
CVE-2023-40550 2 Fedoraproject, Redhat 3 Fedora, Enterprise Linux, Shim 2024-04-25 N/A 5.5 MEDIUM
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
CVE-2023-40549 2 Fedoraproject, Redhat 3 Fedora, Enterprise Linux, Shim 2024-04-25 N/A 5.5 MEDIUM
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
CVE-2023-40548 2 Fedoraproject, Redhat 2 Fedora, Shim 2024-04-25 N/A 7.4 HIGH
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
CVE-2023-40547 1 Redhat 2 Enterprise Linux, Shim 2024-04-25 N/A 8.3 HIGH
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
CVE-2023-40546 2 Fedoraproject, Redhat 3 Fedora, Enterprise Linux, Shim 2024-04-25 N/A 5.5 MEDIUM
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
CVE-2023-3812 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-04-25 N/A 7.8 HIGH
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2017-18017 9 Arista, Canonical, Debian and 6 more 29 Eos, Ubuntu Linux, Debian Linux and 26 more 2024-04-24 10.0 HIGH 9.8 CRITICAL
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
CVE-2023-4693 2 Gnu, Redhat 2 Grub2, Enterprise Linux 2024-04-23 N/A 4.6 MEDIUM
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
CVE-2023-4692 2 Gnu, Redhat 2 Grub2, Enterprise Linux 2024-04-23 N/A 7.8 HIGH
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
CVE-2023-4091 3 Fedoraproject, Redhat, Samba 5 Fedora, Enterprise Linux, Enterprise Linux Eus and 2 more 2024-04-22 N/A 6.5 MEDIUM
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
CVE-2022-2127 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-04-22 N/A 5.9 MEDIUM
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
CVE-2020-14383 2 Redhat, Samba 2 Enterprise Linux, Samba 2024-04-22 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
CVE-2020-14318 2 Redhat, Samba 3 Enterprise Linux, Storage, Samba 2024-04-22 4.0 MEDIUM 4.3 MEDIUM
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
CVE-2023-6240 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-04-18 N/A 6.5 MEDIUM
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
CVE-2024-0914 2 Opencryptoki Project, Redhat 2 Opencryptoki, Enterprise Linux 2024-04-16 N/A 5.9 MEDIUM
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
CVE-2023-6536 2 Linux, Redhat 16 Linux Kernel, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 13 more 2024-04-15 N/A 7.5 HIGH
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
CVE-2021-4294 1 Redhat 2 Openshift Container Platform, Openshift Osin 2024-04-11 N/A 5.9 MEDIUM
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.