Total
1877 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1241 | 6 Canonical, Debian, Google and 3 more | 11 Ubuntu Linux, Debian Linux, Chrome and 8 more | 2024-01-26 | 4.3 MEDIUM | N/A |
| Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. | |||||
| CVE-2016-8610 | 7 Debian, Fujitsu, Netapp and 4 more | 53 Debian Linux, M10-1, M10-1 Firmware and 50 more | 2024-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. | |||||
| CVE-2009-3939 | 7 Avaya, Canonical, Debian and 4 more | 18 Aura Application Enablement Services, Aura Communication Manager, Aura Session Manager and 15 more | 2024-01-25 | 6.6 MEDIUM | 7.1 HIGH |
| The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | |||||
| CVE-2023-5869 | 2 Postgresql, Redhat | 21 Postgresql, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 18 more | 2024-01-25 | N/A | 8.8 HIGH |
| A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. | |||||
| CVE-2012-4406 | 3 Fedoraproject, Openstack, Redhat | 7 Fedora, Swift, Enterprise Linux Server and 4 more | 2024-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. | |||||
| CVE-2016-10165 | 6 Canonical, Debian, Littlecms and 3 more | 19 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 16 more | 2024-01-10 | 5.8 MEDIUM | 7.1 HIGH |
| The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | |||||
| CVE-2009-2698 | 6 Canonical, Fedoraproject, Linux and 3 more | 12 Ubuntu Linux, Fedora, Linux Kernel and 9 more | 2023-12-28 | 7.2 HIGH | 7.8 HIGH |
| The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | |||||
| CVE-2018-8088 | 3 Oracle, Qos, Redhat | 14 Goldengate Application Adapters, Goldengate Stream Analytics, Utilities Framework and 11 more | 2023-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. | |||||
| CVE-2019-14835 | 8 Canonical, Debian, Fedoraproject and 5 more | 44 Ubuntu Linux, Debian Linux, Fedora and 41 more | 2023-12-15 | 7.2 HIGH | 7.8 HIGH |
| A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. | |||||
| CVE-2023-3972 | 1 Redhat | 19 Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Desktop and 16 more | 2023-12-10 | N/A | 7.8 HIGH |
| A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). | |||||
| CVE-2023-3899 | 2 Fedoraproject, Redhat | 20 Fedora, Enterprise Linux, Enterprise Linux Desktop and 17 more | 2023-12-10 | N/A | 7.8 HIGH |
| A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. | |||||
| CVE-2023-0179 | 4 Canonical, Fedoraproject, Linux and 1 more | 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more | 2023-12-10 | N/A | 7.8 HIGH |
| A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. | |||||
| CVE-2023-0494 | 3 Fedoraproject, Redhat, X.org | 18 Fedora, Enterprise Linux, Enterprise Linux Aus and 15 more | 2023-12-10 | N/A | 7.8 HIGH |
| A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. | |||||
| CVE-2022-4254 | 2 Fedoraproject, Redhat | 13 Sssd, Enterprise Linux, Enterprise Linux Desktop and 10 more | 2023-12-10 | N/A | 8.8 HIGH |
| sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters | |||||
| CVE-2019-8720 | 3 Redhat, Webkitgtk, Wpewebkit | 24 Codeready Linux Builder, Codeready Linux Builder Eus, Codeready Linux Builder For Arm64 Eus and 21 more | 2023-12-10 | N/A | 8.8 HIGH |
| A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. | |||||
| CVE-2022-2739 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux Server, Enterprise Linux Workstation | 2023-12-10 | N/A | 5.3 MEDIUM |
| The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. | |||||
| CVE-2014-0144 | 2 Qemu, Redhat | 9 Qemu, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more | 2023-12-10 | N/A | 8.6 HIGH |
| QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | |||||
| CVE-2014-0147 | 3 Fedoraproject, Qemu, Redhat | 10 Fedora, Qemu, Enterprise Linux Desktop and 7 more | 2023-12-10 | N/A | 6.2 MEDIUM |
| Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. | |||||
| CVE-2022-2738 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux Server, Enterprise Linux Workstation | 2023-12-10 | N/A | 7.5 HIGH |
| The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification. | |||||
| CVE-2015-1931 | 3 Ibm, Redhat, Suse | 8 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 5 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | |||||