VYPR

Vendor CVEs

Red Hat

All CVEs

3,692 total · sorted by risk
  • CVE-2024-26991May 1, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Fix KVM_SET_MEMORY_ATTRIBUTES to not overflow lpage_info array and trigger KASAN splat, as seen in the private_mem_conversions_test…

  • CVE-2024-26990May 1, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad_need_write_protect() when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs, so that the TDP…

  • CVE-2024-3623Apr 25, 2024
    risk 0.00cvss epss 0.00

    A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same…

  • CVE-2023-6787Apr 25, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the…

  • CVE-2024-1132Apr 17, 2024
    risk 0.00cvss epss 0.02

    A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks.…

  • CVE-2024-2496Mar 18, 2024
    risk 0.00cvss epss 0.00

    A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to…

  • CVE-2023-7250Mar 18, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or…

  • CVE-2024-1013Mar 18, 2024
    risk 0.00cvss epss 0.00

    An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.

  • CVE-2023-6725Mar 15, 2024
    risk 0.00cvss epss 0.00

    An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive…

  • CVE-2024-0560Feb 28, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the…

  • CVE-2023-6917Feb 28, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted…

  • CVE-2024-1722Feb 27, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

  • CVE-2023-3966Feb 22, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.

  • CVE-2023-21165Feb 16, 2024
    risk 0.00cvss epss 0.00

    In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-6681Feb 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a…

  • CVE-2024-1151Feb 11, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack…

  • CVE-2024-1312Feb 8, 2024
    risk 0.00cvss epss 0.00

    A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.

  • CVE-2023-6536Feb 7, 2024
    risk 0.00cvss epss 0.02

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial…

  • CVE-2023-6535Feb 7, 2024
    risk 0.00cvss epss 0.02

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial…

  • CVE-2023-6356Feb 7, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a…

  • CVE-2023-6200HigJan 28, 2024
    risk 0.00cvss 7.5epss 0.02

    A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.

  • CVE-2024-0822HigJan 25, 2024
    risk 0.00cvss 7.5epss 0.01

    An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

  • CVE-2021-33631MedJan 18, 2024
    risk 0.00cvss 5.5epss 0.00

    Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.

  • CVE-2021-33630MedJan 18, 2024
    risk 0.00cvss 5.5epss 0.00

    NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.

  • CVE-2023-6915MedJan 15, 2024
    risk 0.00cvss 6.2epss 0.00

    A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.

  • CVE-2023-7192MedJan 2, 2024
    risk 0.00cvss 5.5epss 0.00

    A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

  • CVE-2023-6546HigDec 21, 2023
    risk 0.00cvss 7.0epss 0.01

    A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci…

  • CVE-2023-6622MedDec 8, 2023
    risk 0.00cvss 5.5epss 0.00

    A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.

  • CVE-2023-5972HigNov 23, 2023
    risk 0.00cvss 7.0epss 0.00

    A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.

  • CVE-2023-5341MedNov 19, 2023
    risk 0.00cvss 6.2epss 0.00

    A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

  • CVE-2023-6176MedNov 16, 2023
    risk 0.00cvss 4.7epss 0.00

    A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or…

  • CVE-2023-6039MedNov 9, 2023
    risk 0.00cvss 5.5epss 0.00

    A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

  • CVE-2023-4535MedNov 6, 2023
    risk 0.00cvss 4.5epss 0.00

    An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows…

  • CVE-2023-1476HigNov 3, 2023
    risk 0.00cvss 7.0epss 0.00

    A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.

  • CVE-2023-5408HigNov 2, 2023
    risk 0.00cvss 7.2epss 0.01

    A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader…

  • CVE-2023-1192MedNov 1, 2023
    risk 0.00cvss 6.5epss 0.01

    A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access…

  • CVE-2023-3972HigNov 1, 2023
    risk 0.00cvss 7.8epss 0.00

    A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an…

  • CVE-2023-42752MedOct 13, 2023
    risk 0.00cvss 5.5epss 0.00

    An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.

  • CVE-2023-3153MedOct 4, 2023
    risk 0.00cvss 5.3epss 0.01

    A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

  • CVE-2023-4459MedAug 21, 2023
    risk 0.00cvss 5.5epss 0.00

    A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing…

  • CVE-2023-4387HigAug 16, 2023
    risk 0.00cvss 7.1epss 0.00

    A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all,…

  • CVE-2023-4385MedAug 16, 2023
    risk 0.00cvss 5.5epss 0.00

    A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.

  • CVE-2023-4147HigAug 7, 2023
    risk 0.00cvss 7.8epss 0.01

    A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

  • CVE-2023-3812HigJul 24, 2023
    risk 0.00cvss 7.8epss 0.00

    An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges…

  • CVE-2023-3745MedJul 24, 2023
    risk 0.00cvss 5.5epss 0.00

    A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to…

  • CVE-2023-3863MedJul 24, 2023
    risk 0.00cvss 6.4epss 0.00

    A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.

  • CVE-2023-0160MedJul 18, 2023
    risk 0.00cvss 4.7epss 0.00

    A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.

  • CVE-2023-3106MedJul 12, 2023
    risk 0.00cvss 6.6epss 0.00

    A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another…

  • CVE-2023-3108MedJul 11, 2023
    risk 0.00cvss 6.2epss 0.00

    A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system.

  • CVE-2023-1672MedJul 11, 2023
    risk 0.00cvss 5.3epss 0.01

    A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

Page 47 of 74