Skip to main content

Enterprise Linux

1150 CVEs product

Monthly

CVE-2024-3049 MEDIUM This Month

A flaw was found in Booth, a cluster ticket manager. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Booth Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 +4
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-3567 MEDIUM POC This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-2496 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Libvirt Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-2002 HIGH This Week

A double-free vulnerability was found in libdwarf. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libdwarf Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-1488 HIGH PATCH This Week

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Unbound Codeready Linux Builder Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian +15
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-1062 MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service 389 Directory Server Directory Server +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-1151 MEDIUM PATCH This Month

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Linux Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-1048 LOW Monitor

A flaw was found in the grub2-set-bootflag utility of grub2. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Grub2 Enterprise Linux Fedora
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2024-0690 PyPI MEDIUM PATCH This Month

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Enterprise Linux Ansible Automation Platform Ansible Developer +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-50782 PyPI HIGH PATCH This Week

A flaw was found in the python-cryptography package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Ansible Automation Platform Enterprise Linux Update Infrastructure +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-0914 MEDIUM PATCH This Month

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Opencryptoki Enterprise Linux
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-0564 MEDIUM POC This Month

A flaw was found in the Linux kernel's memory deduplication mechanism. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-0841 HIGH This Week

A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40547 HIGH This Week

A remote code execution vulnerability was found in Shim. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow RCE Memory Corruption Shim Enterprise Linux
NVD
CVSS 3.1
8.3
EPSS
4.9%
CVE-2024-0775 HIGH PATCH This Week

A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-0607 MEDIUM PATCH This Month

A flaw was found in the Netfilter subsystem in the Linux kernel. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-0646 HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0641 MEDIUM PATCH This Month

A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0639 MEDIUM PATCH This Month

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0232 MEDIUM POC This Month

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Sqlite Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0553 HIGH POC PATCH This Week

A vulnerability was found in GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Gnutls Fedora Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-0562 HIGH PATCH This Week

A use-after-free flaw was found in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23301 MEDIUM POC PATCH This Month

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Relax And Recover Linux Enterprise Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-6683 MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0443 MEDIUM This Month

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-5455 MEDIUM This Month

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.

CSRF Enterprise Linux For Power Little Endian Eus Enterprise Linux For Power Big Endian Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux For Arm 64 Eus +17
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-3600 HIGH PATCH This Week

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. Rated high severity (CVSS 7.8). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow RCE Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0217 LOW PATCH Monitor

A use-after-free flaw was found in PackageKitd. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Packagekit Enterprise Linux +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2023-6004 MEDIUM This Month

A flaw was found in libssh. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Libssh Fedora Enterprise Linux
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-7192 MEDIUM PATCH This Month

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-6693 MEDIUM PATCH This Month

A stack based buffer overflow was found in the virtio-net device of QEMU. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required.

Stack Overflow Buffer Overflow Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2023-4641 MEDIUM This Month

A flaw was found in shadow-utils. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Shadow Utils Codeready Linux Builder Codeready Linux Builder For Arm64 Codeready Linux Builder For Ibm Z Systems +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-51767 HIGH This Week

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass SSH Openssh Fedora Enterprise Linux
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-51765 MEDIUM POC PATCH This Month

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Sendmail Freebsd Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-51764 MEDIUM POC This Month

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Postfix Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.6%
CVE-2023-6546 HIGH PATCH This Week

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. Rated high severity (CVSS 7.0).

Privilege Escalation Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2023-6918 MEDIUM This Month

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libssh Fedora Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2023-48795 LIB MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2023-47038 HIGH PATCH This Week

A vulnerability was found in perl 5.30.0 through 5.38.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Perl Fedora Enterprise Linux +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-6710 MEDIUM POC This Month

A flaw was found in the mod_proxy_cluster in the Apache server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Mod Proxy Cluster Enterprise Linux
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.2%
CVE-2023-6679 MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-5870 MEDIUM This Month

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service PostgreSQL Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian Eus Codeready Linux Builder For Arm64 Eus +12
NVD
CVSS 3.1
4.4
EPSS
2.6%
CVE-2023-5869 HIGH This Week

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow RCE PostgreSQL Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian Eus +18
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2023-5868 MEDIUM This Month

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian Eus Codeready Linux Builder For Arm64 Eus +12
NVD
CVSS 3.1
4.3
EPSS
2.8%
CVE-2023-6622 MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Fedora Linux Kernel +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-6610 HIGH POC This Week

An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-6606 HIGH POC This Week

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Linux Linux Kernel Enterprise Linux +3
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-5871 MEDIUM PATCH This Month

A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libnbd Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-6176 MEDIUM PATCH This Month

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. Rated medium severity (CVSS 4.7).

Denial Of Service Null Pointer Dereference Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-6121 MEDIUM This Month

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Linux Buffer Overflow Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-5547 PHP MEDIUM PATCH This Month

The course upload preview contained an XSS risk for users uploading unsafe data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5546 PHP MEDIUM PATCH This Month

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2023-5544 PHP MEDIUM PATCH This Month

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-39198 HIGH PATCH This Week

A race condition was found in the QXL driver in the Linux kernel. Rated high severity (CVSS 7.5). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Denial Of Service Privilege Escalation +3
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-4535 LOW PATCH Monitor

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Rated low severity (CVSS 3.8), this vulnerability is no authentication required.

Buffer Overflow Information Disclosure Authentication Bypass Opensc Fedora +1
NVD GitHub
CVSS 3.1
3.8
EPSS
0.5%
CVE-2023-40661 MEDIUM This Month

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. Rated medium severity (CVSS 6.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Opensc Enterprise Linux
NVD GitHub
CVSS 3.1
6.4
EPSS
1.2%
CVE-2023-40660 MEDIUM This Month

A flaw was found in OpenSC packages that allow a potential PIN bypass. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opensc Enterprise Linux
NVD GitHub
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-5090 MEDIUM PATCH This Month

A flaw was found in KVM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42669 MEDIUM This Month

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Samba Storage Enterprise Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-5088 HIGH PATCH This Week

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). Rated high severity (CVSS 7.0).

RCE Qemu Enterprise Linux
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-3961 CRITICAL POC Act Now

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Samba Storage Enterprise Linux +2
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-1476 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-5824 HIGH This Week

A flaw was found in Squid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2023-4091 MEDIUM This Month

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samba Fedora Storage Enterprise Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-46848 HIGH This Week

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid Enterprise Linux Enterprise Linux Eus Enterprise Linux Server Aus +1
NVD GitHub
CVSS 3.1
7.5
EPSS
10.2%
CVE-2023-46847 HIGH This Week

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Squid Enterprise Linux Enterprise Linux Eus +7
NVD GitHub
CVSS 3.1
7.5
EPSS
85.9%
CVE-2023-46846 MEDIUM This Month

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Squid Enterprise Linux Enterprise Linux Eus +5
NVD GitHub
CVSS 3.1
5.3
EPSS
5.3%
CVE-2023-38473 MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38472 MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38471 MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38470 MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38469 MEDIUM This Month

A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-3164 MEDIUM This Month

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1192 MEDIUM This Month

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-5178 HIGH PATCH This Week

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption RCE Privilege Escalation +5
NVD
CVSS 3.1
8.8
EPSS
8.4%
CVE-2023-3972 HIGH PATCH This Week

A vulnerability was found in insights-client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Insights Client Enterprise Linux Enterprise Linux Aus +16
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5574 HIGH PATCH This Week

A use-after-free flaw was found in xorg-x11-server-Xvfb. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption X Server Enterprise Linux
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-5380 MEDIUM PATCH This Month

A use-after-free flaw was found in the xorg-x11-server. Rated medium severity (CVSS 4.7). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption X Server Xwayland +3
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2023-5367 HIGH PATCH This Week

A out-of-bounds write flaw was found in the xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption X Server Xwayland +10
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-4693 MEDIUM POC This Month

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Grub2 Enterprise Linux
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-4692 HIGH POC This Week

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Grub2 Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5633 HIGH PATCH This Week

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Linux Kernel Codeready Linux Builder Codeready Linux Builder Eus +19
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5557 HIGH POC This Week

A flaw was found in the tracker-miners package. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Tracker Miners Enterprise Linux
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2023-43789 MEDIUM This Month

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libxpm Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-43788 MEDIUM This Month

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libxpm Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-43787 HIGH This Week

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Libx11 Enterprise Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-43786 MEDIUM This Month

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libx11 Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-43785 MEDIUM This Month

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Libx11 Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-39194 MEDIUM PATCH This Month

A flaw was found in the XFRM subsystem in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-39193 MEDIUM PATCH This Month

A flaw was found in the Netfilter subsystem in the Linux kernel. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
6.0
EPSS
0.4%
EPSS 1% CVSS 5.9
MEDIUM This Month

A flaw was found in Booth, a cluster ticket manager. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Booth Enterprise Linux +6
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Libvirt +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A double-free vulnerability was found in libdwarf. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libdwarf Enterprise Linux +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Unbound Codeready Linux Builder +17
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Linux +4
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A flaw was found in the grub2-set-bootflag utility of grub2. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Grub2 Enterprise Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Enterprise Linux +4
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the python-cryptography package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Ansible Automation Platform +4
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Opencryptoki Enterprise Linux
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A flaw was found in the Linux kernel's memory deduplication mechanism. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Linux Kernel +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux +2
NVD
EPSS 5% CVSS 8.3
HIGH This Week

A remote code execution vulnerability was found in Shim. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +3
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A flaw was found in the Netfilter subsystem in the Linux kernel. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability was found in GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Gnutls +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Relax And Recover Linux Enterprise +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.

CSRF Enterprise Linux For Power Little Endian Eus Enterprise Linux For Power Big Endian +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. Rated high severity (CVSS 7.8). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow RCE +5
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A use-after-free flaw was found in PackageKitd. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM This Month

A flaw was found in libssh. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Libssh Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A stack based buffer overflow was found in the virtio-net device of QEMU. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required.

Stack Overflow Buffer Overflow Qemu +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in shadow-utils. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Shadow Utils Codeready Linux Builder +7
NVD
EPSS 0% CVSS 7.0
HIGH This Week

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass SSH Openssh +2
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Sendmail Freebsd +1
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC This Month

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Postfix Fedora +1
NVD GitHub
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. Rated high severity (CVSS 7.0).

Privilege Escalation Linux Linux Kernel +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libssh Fedora +1
NVD
EPSS 54% 4.3 CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js +68
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in perl 5.30.0 through 5.38.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Perl +4
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM POC This Month

A flaw was found in the mod_proxy_cluster in the Apache server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Mod Proxy Cluster +1
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 3% CVSS 4.4
MEDIUM This Month

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service PostgreSQL Codeready Linux Builder Eus +14
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow RCE PostgreSQL +20
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Codeready Linux Builder Eus +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +3
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC This Week

An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Linux +2
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Linux +5
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libnbd Enterprise Linux
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. Rated medium severity (CVSS 4.7).

Denial Of Service Null Pointer Dereference Linux +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Linux Buffer Overflow +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The course upload preview contained an XSS risk for users uploading unsafe data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A race condition was found in the QXL driver in the Linux kernel. Rated high severity (CVSS 7.5). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption +5
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Rated low severity (CVSS 3.8), this vulnerability is no authentication required.

Buffer Overflow Information Disclosure Authentication Bypass +3
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM This Month

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. Rated medium severity (CVSS 6.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Opensc Enterprise Linux
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM This Month

A flaw was found in OpenSC packages that allow a potential PIN bypass. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opensc Enterprise Linux
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in KVM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Kernel Enterprise Linux
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Samba +7
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). Rated high severity (CVSS 7.0).

RCE Qemu Enterprise Linux
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Samba +4
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +7
NVD
EPSS 5% CVSS 7.5
HIGH This Week

A flaw was found in Squid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid Enterprise Linux
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samba Fedora +3
NVD
EPSS 10% CVSS 7.5
HIGH This Week

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid Enterprise Linux +3
NVD GitHub
EPSS 86% CVSS 7.5
HIGH This Week

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Squid +9
NVD GitHub
EPSS 5% CVSS 5.3
MEDIUM This Month

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Squid +7
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +3
NVD
EPSS 8% CVSS 8.8
HIGH PATCH This Week

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in insights-client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Insights Client +18
NVD GitHub
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A use-after-free flaw was found in xorg-x11-server-Xvfb. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption +2
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

A use-after-free flaw was found in the xorg-x11-server. Rated medium severity (CVSS 4.7). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A out-of-bounds write flaw was found in the xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption +12
NVD
EPSS 0% CVSS 4.6
MEDIUM POC This Month

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Grub2 +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Linux Kernel +21
NVD
EPSS 1% CVSS 7.7
HIGH POC This Week

A flaw was found in the tracker-miners package. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Tracker Miners Enterprise Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libxpm +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libxpm +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libx11 Enterprise Linux +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Libx11 +2
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A flaw was found in the XFRM subsystem in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux +3
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A flaw was found in the Netfilter subsystem in the Linux kernel. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux +3
NVD
Prev Page 2 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy