VYPR

Enterprise Linux Update Services For Sap Solutions

by Red Hat

CVEs (32)

  • CVE-2023-4911HigKEVOct 3, 2023
    risk 0.71cvss 7.8epss 0.81

    A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID…

  • CVE-2024-12087MedJan 14, 2025
    risk 0.43cvss 6.5epss 0.02

    A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive`…

  • CVE-2024-12085HigJan 14, 2025
    risk 0.43cvss 7.5epss 0.09

    A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a…

  • CVE-2024-12088MedJan 14, 2025
    risk 0.42cvss 6.5epss 0.05

    A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary…

  • CVE-2025-5372MedJul 4, 2025
    risk 0.26cvss 5.0epss 0.00

    A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the…

  • CVE-2023-5178Nov 1, 2023
    risk 0.01cvss epss 0.09

    A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote…

  • CVE-2023-40551Jan 29, 2024
    risk 0.00cvss epss 0.00

    A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

  • CVE-2023-40546Jan 29, 2024
    risk 0.00cvss epss 0.00

    A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it,…

  • CVE-2023-40549Jan 29, 2024
    risk 0.00cvss epss 0.00

    An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.

  • CVE-2023-40550Jan 29, 2024
    risk 0.00cvss epss 0.00

    An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

  • CVE-2023-40548Jan 29, 2024
    risk 0.00cvss epss 0.00

    A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer…

  • CVE-2023-40547Jan 25, 2024
    risk 0.00cvss epss 0.05

    A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write…

  • CVE-2023-6816Jan 18, 2024
    risk 0.00cvss epss 0.02

    A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number…

  • CVE-2023-5455Jan 10, 2024
    risk 0.00cvss epss 0.01

    A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system…

  • CVE-2023-7192Jan 2, 2024
    risk 0.00cvss epss 0.00

    A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

  • CVE-2023-6546Dec 21, 2023
    risk 0.00cvss epss 0.01

    A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci…

  • CVE-2023-6478Dec 13, 2023
    risk 0.00cvss epss 0.02

    A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

  • CVE-2023-6377Dec 13, 2023
    risk 0.00cvss epss 0.02

    A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is…

  • CVE-2023-5870Dec 10, 2023
    risk 0.00cvss epss 0.03

    A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient…

  • CVE-2023-5868Dec 10, 2023
    risk 0.00cvss epss 0.03

    A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can…

Page 1 of 2