Total
2041 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5764 | 2 Fedoraproject, Redhat | 7 Extra Packages For Enterprise Linux, Fedora, Ansible and 4 more | 2024-11-21 | N/A | 7.1 HIGH |
| A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. | |||||
| CVE-2023-5633 | 2 Linux, Redhat | 22 Linux Kernel, Codeready Linux Builder, Codeready Linux Builder Eus and 19 more | 2024-11-21 | N/A | 7.8 HIGH |
| The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. | |||||
| CVE-2023-5574 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2024-11-21 | N/A | 7.0 HIGH |
| A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. | |||||
| CVE-2023-5557 | 2 Gnome, Redhat | 2 Tracker Miners, Enterprise Linux | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. | |||||
| CVE-2023-5547 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | N/A | 3.3 LOW |
| The course upload preview contained an XSS risk for users uploading unsafe data. | |||||
| CVE-2023-5546 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | N/A | 4.3 MEDIUM |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | |||||
| CVE-2023-5544 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | N/A | 6.5 MEDIUM |
| Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | |||||
| CVE-2023-5455 | 3 Fedoraproject, Freeipa, Redhat | 21 Fedora, Freeipa, Codeready Linux Builder and 18 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. | |||||
| CVE-2023-5366 | 2 Openvswitch, Redhat | 5 Openvswitch, Enterprise Linux, Fast Datapath and 2 more | 2024-11-21 | N/A | 7.1 HIGH |
| A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. | |||||
| CVE-2023-5215 | 1 Redhat | 2 Enterprise Linux, Libnbd | 2024-11-21 | N/A | 5.3 MEDIUM |
| A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly. | |||||
| CVE-2023-5178 | 3 Linux, Netapp, Redhat | 5 Linux Kernel, Active Iq Unified Manager, Solidfire \& Hci Management Node and 2 more | 2024-11-21 | N/A | 8.8 HIGH |
| A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. | |||||
| CVE-2023-5156 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | |||||
| CVE-2023-5090 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 6.0 MEDIUM |
| A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. | |||||
| CVE-2023-5056 | 1 Redhat | 2 Enterprise Linux, Service Interconnect | 2024-11-21 | N/A | 6.8 MEDIUM |
| A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview. | |||||
| CVE-2023-52355 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A | 7.5 HIGH |
| An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. | |||||
| CVE-2023-51765 | 3 Freebsd, Redhat, Sendmail | 3 Freebsd, Enterprise Linux, Sendmail | 2024-11-21 | N/A | 5.3 MEDIUM |
| sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. | |||||
| CVE-2023-50782 | 3 Couchbase, Cryptography.io, Redhat | 5 Couchbase Server, Cryptography, Ansible Automation Platform and 2 more | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | |||||
| CVE-2023-50781 | 2 M2crypto Project, Redhat | 3 M2crypto, Enterprise Linux, Update Infrastructure | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | |||||
| CVE-2023-4853 | 2 Quarkus, Redhat | 13 Quarkus, Build Of Optaplanner, Build Of Quarkus and 10 more | 2024-11-21 | N/A | 8.1 HIGH |
| A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. | |||||
| CVE-2023-4732 | 2 Linux, Redhat | 10 Linux Kernel, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 7 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x. | |||||