Total
1812 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2513 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-04 | N/A | 6.7 MEDIUM |
| A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. | |||||
| CVE-2023-3212 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-02-04 | N/A | 4.4 MEDIUM |
| A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. | |||||
| CVE-2023-1667 | 4 Debian, Fedoraproject, Libssh and 1 more | 4 Debian Linux, Fedora, Libssh and 1 more | 2024-02-04 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. | |||||
| CVE-2023-2602 | 4 Debian, Fedoraproject, Libcap Project and 1 more | 4 Debian Linux, Fedora, Libcap and 1 more | 2024-02-04 | N/A | 3.3 LOW |
| A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. | |||||
| CVE-2023-0179 | 4 Canonical, Fedoraproject, Linux and 1 more | 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more | 2024-02-04 | N/A | 7.8 HIGH |
| A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. | |||||
| CVE-2023-32233 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-04 | N/A | 7.8 HIGH |
| In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. | |||||
| CVE-2023-2194 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-02-04 | N/A | 6.7 MEDIUM |
| An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. | |||||
| CVE-2022-4285 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Binutils, Enterprise Linux | 2024-02-04 | N/A | 5.5 MEDIUM |
| An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | |||||
| CVE-2022-3715 | 2 Gnu, Redhat | 2 Bash, Enterprise Linux | 2024-02-04 | N/A | 7.8 HIGH |
| A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. | |||||
| CVE-2022-41862 | 3 Fedoraproject, Postgresql, Redhat | 6 Fedora, Postgresql, Enterprise Linux and 3 more | 2024-02-04 | N/A | 3.7 LOW |
| In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. | |||||
| CVE-2022-4904 | 3 C-ares Project, Fedoraproject, Redhat | 4 C-ares, Fedora, Enterprise Linux and 1 more | 2024-02-04 | N/A | 8.6 HIGH |
| A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | |||||
| CVE-2023-1095 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-04 | N/A | 5.5 MEDIUM |
| In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. | |||||
| CVE-2022-46341 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-04 | N/A | 8.8 HIGH |
| A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | |||||
| CVE-2022-46343 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-04 | N/A | 8.8 HIGH |
| A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | |||||
| CVE-2022-3775 | 2 Gnu, Redhat | 2 Grub2, Enterprise Linux | 2024-02-04 | N/A | 7.1 HIGH |
| When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. | |||||
| CVE-2022-46340 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-04 | N/A | 8.8 HIGH |
| A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. | |||||
| CVE-2022-46344 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-04 | N/A | 8.8 HIGH |
| A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | |||||
| CVE-2022-3500 | 3 Fedoraproject, Keylime, Redhat | 3 Fedora, Keylime, Enterprise Linux | 2024-02-04 | N/A | 5.1 MEDIUM |
| A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. | |||||
| CVE-2023-0361 | 5 Debian, Fedoraproject, Gnu and 2 more | 7 Debian Linux, Fedora, Gnutls and 4 more | 2024-02-04 | N/A | 7.4 HIGH |
| A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. | |||||
| CVE-2022-46342 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-04 | N/A | 8.8 HIGH |
| A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se | |||||