cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1932,https://securityvulnerability.io/vulnerability/CVE-2023-1932,HTML Injection Vulnerability in Hibernate Validator,"A flaw exists in the 'isValid' method within the SafeHtmlValidator class of Hibernate Validator that allows for potential HTML injection and Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to the improper handling of HTML tags, specifically when tag endings are omitted in a less-than character format. Consequently, browsers may render invalid HTML, which could be exploited by attackers to inject malicious scripts, compromising the security of affected applications.",Red Hat,"A-MQ Clients 2,Cryostat 2,Red Hat AMQ Broker 7,Red Hat A-MQ Online,Red Hat Bpm Suite 6,Red Hat Codeready Studio 12,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Brms 5,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 5,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Continuous Delivery,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Operations Network 3,Red Hat Jboss Soa Platform 5,Red Hat Openstack Platform 10 (newton),Red Hat Openstack Platform 13 (queens),Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot,Streams For Apache Kafka",6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-07T10:00:51.745Z,0
CVE-2024-8612,https://securityvulnerability.io/vulnerability/CVE-2024-8612,"QEMU Vendor Flaw Affects virtio-scsi, virtio-blk, and virtio-crypto Devices","A vulnerability exists within QEMU, particularly affecting the virtio-scsi, virtio-blk, and virtio-crypto devices. This arises from a flaw in the virtqueue_push process where the size parameter can exceed the actual data size sent to the guest. Consequently, when the dma_memory_unmap function is invoked, it may erroneously call the address_space_write function to write back potentially sensitive information. This process can inadvertently expose uninitialized data from the bounce buffer, leading to an information leak that poses a security risk.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",3.8,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-09-20T18:15:00.000Z,0
CVE-2024-8354,https://securityvulnerability.io/vulnerability/CVE-2024-8354,QEMU Flaw May Allow Guest User to Crash Host and Cause Denial of Service,A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-19T10:45:06.191Z,0
CVE-2024-8235,https://securityvulnerability.io/vulnerability/CVE-2024-8235,Crash of virtinterfaced Daemon Due to NULL Pointer Dereference,A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",6.2,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-08-30T17:15:00.000Z,0
CVE-2024-7409,https://securityvulnerability.io/vulnerability/CVE-2024-7409,QEMU NBD Server Vulnerability: DoS Attack via Socket Closure,A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.,Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.15,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",,,0.0004600000102072954,false,false,false,false,,false,false,2024-08-05T13:19:27.498Z,0
CVE-2024-7383,https://securityvulnerability.io/vulnerability/CVE-2024-7383,libnbd TLS Verification Vulnerability Allows Man-in-the-Middle Attack,"A security flaw exists in libnbd impacting the verification process of the NBD server's certificate during TLS connections. This weakness can lead to a man-in-the-middle attack, compromising the integrity and confidentiality of the NBD traffic. System administrators and users of affected Red Hat products should take immediate actions to apply the necessary updates to mitigate this vulnerability and secure their environments.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 8 Advanced Virtualization",7.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-08-05T13:19:13.933Z,0
CVE-2024-6505,https://securityvulnerability.io/vulnerability/CVE-2024-6505,Heap Overflow Vulnerability in QEMU's virtio-net Device,"A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",6.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-05T13:51:38.241Z,0
CVE-2024-4467,https://securityvulnerability.io/vulnerability/CVE-2024-4467,QEMU qemu-img Vulnerability: Memory or CPU Consumption Denial of Service,"A vulnerability exists in the QEMU disk image utility related to the 'info' command, where a specially crafted image file containing a specific JSON value can cause the qemu-img process to use an excessive amount of system resources. This behavior may result in resource exhaustion, potentially leading to a denial of service. The exploit can also enable unauthorized read/write access to existing external files on the host system, creating a significant security risk for affected environments.",Red Hat,"Advanced Virtualization For Rhel 8.2.1,Advanced Virtualization For Rhel 8.4.0.eus,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Openshift Virtualization 4",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-07-02T16:15:00.000Z,0
CVE-2024-4693,https://securityvulnerability.io/vulnerability/CVE-2024-4693,Guest-Triggerable Crash in QEMU Virtio PCI Bindings Could Lead to Host Crash,A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T15:44:00.000Z,0
CVE-2024-4418,https://securityvulnerability.io/vulnerability/CVE-2024-4418,Stack Use-After-Free Flaw in libvirt Allows Escape from Limited Access,"A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being ""freed"" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization",6.2,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-05-08T03:03:05.135Z,0
CVE-2023-3758,https://securityvulnerability.io/vulnerability/CVE-2023-3758,Race Condition Flaw in SSSD May Lead to Inconsistent Authorization,"A race condition flaw exists within the System Security Services Daemon (SSSD) that affects the consistent application of Group Policy Object (GPO) policies for authenticated users. This vulnerability may result in improper authorization, which can lead to unintended access to sensitive resources or restrictions where access should be granted, compromising the integrity of access control mechanisms within the affected systems.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7.1,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-04-18T19:06:44.216Z,0
CVE-2024-3567,https://securityvulnerability.io/vulnerability/CVE-2024-3567,QEMU Flaw Allows Malicious Guest to Crash QEMU and Cause Denial of Service,A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2024-04-10T14:32:02.343Z,0
CVE-2024-3446,https://securityvulnerability.io/vulnerability/CVE-2024-3446,Double Free Vulnerability in QEMU Virtio Devices Could Lead to Denial of Service or Arbitrary Code Execution,"A double free vulnerability has been identified in QEMU's virtio devices, specifically affecting the virtio-gpu, virtio-serial-bus, and virtio-crypto components. This vulnerability arises from an insufficient safeguard in the mem_reentrancy_guard flag, which fails to adequately address Direct Memory Access (DMA) reentrancy issues. Exploitation of this vulnerability by a malicious privileged guest user could lead to a crash of the QEMU process on the host system. Additionally, it poses a risk of arbitrary code execution within the context of the QEMU process, potentially undermining the security integrity of the host environment.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9",8.2,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-04-09T19:34:45.646Z,0
CVE-2024-2494,https://securityvulnerability.io/vulnerability/CVE-2024-2494,Flaw in libvirt RPC Library APIs Allows Denial of Service Attack,"A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization",6.2,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-03-21T13:39:08.847Z,0
CVE-2024-1394,https://securityvulnerability.io/vulnerability/CVE-2024-1394,Memory Leak Vulnerability in Golang RSA Code Could Lead to Resource Exhaustion,"A memory leak flaw has been identified in the RSA encrypting and decrypting code of the Golang FIPS OpenSSL library. This issue arises from improper handling of named return parameters, specifically within the RSA library's context initialization process. When errors occur during context initialization or property settings, the related pointers, namely 'pkey' and 'ctx', are left unfreed, leading to a potential resource exhaustion vulnerability. Attackers can exploit this flaw through crafted inputs, causing the application to exhaust memory resources.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Developer Tools,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1 For Rhel 8,Red Hat Openstack Platform 17.1 For Rhel 9,Rhodf-4.16-rhel-9,Nbde Tang Server,Openshift Developer Tools And Services,Openshift Pipelines,Openshift Serverless,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Certification For Red Hat Enterprise Linux 8,Red Hat Certification For Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Gitops,Red Hat Openshift On Aws,Red Hat Openshift Virtualization 4,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0,Red Hat Service Interconnect 1,Red Hat Software Collections,Red Hat Storage 3",7.5,HIGH,0.0006900000153109431,false,false,false,false,,false,false,2024-03-21T12:16:38.790Z,0
CVE-2024-2496,https://securityvulnerability.io/vulnerability/CVE-2024-2496,"NULL pointer dereference flaw found in udevConnectListAllInterfaces() function, potentially leading to denial of service attack",A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.,Red Hat,"Libvirt,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Fedora 39",,,0.00044999999227002263,false,false,false,false,,false,false,2024-03-18T12:54:17.647Z,0
CVE-2024-1441,https://securityvulnerability.io/vulnerability/CVE-2024-1441,Denial of Service Vulnerability in libvirt's udevListInterfacesByStatus() Function,"An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.",Red Hat,"Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization",5.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-03-11T13:37:54.724Z,0
CVE-2023-6536,https://securityvulnerability.io/vulnerability/CVE-2023-6536,Linux Kernel NVMe Driver Vulnerability Leads to Kernel Panic and Denial of Service,"A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Rhol-5.8-rhel-9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",6.5,MEDIUM,0.0014600000577047467,false,false,false,false,,false,false,2024-02-07T21:05:13.716Z,0
CVE-2023-6535,https://securityvulnerability.io/vulnerability/CVE-2023-6535,Linux Kernel NVMe Driver Vulnerability Leads to Kernel Panic and Denial of Service,"A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Rhol-5.8-rhel-9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",6.5,MEDIUM,0.001180000021122396,false,false,false,false,,false,false,2024-02-07T21:04:21.409Z,0
CVE-2023-6356,https://securityvulnerability.io/vulnerability/CVE-2023-6356,Linux Kernel NVMe Driver Vulnerability Could Lead to Kernel Panic and Denial of Service,"A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Rhol-5.8-rhel-9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",6.5,MEDIUM,0.0014600000577047467,false,false,false,false,,false,false,2024-02-07T21:04:20.684Z,0
CVE-2023-50781,https://securityvulnerability.io/vulnerability/CVE-2023-50781,Remote Decryption Flaw in TLS Servers May Lead to Data Exposure,A vulnerability has been identified in the M2Crypto library that affects the security of TLS servers utilizing RSA key exchanges. This flaw could allow a remote attacker to decrypt messages that have been captured during transmission. The exposure of such decrypted data raises serious concerns regarding the potential compromise of confidential or sensitive information. Organizations using M2Crypto should take immediate action to ensure they are using updated versions to mitigate this risk.,Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Update Infrastructure 4 For Cloud Providers,Red Hat Virtualization 4",7.5,HIGH,0.0011699999449774623,false,false,false,false,,false,false,2024-02-05T20:45:14.089Z,0
CVE-2023-6200,https://securityvulnerability.io/vulnerability/CVE-2023-6200,Unauthenticated Attacker Could Execute Arbitrary Code via ICMPv6 Router Advertisement Packet,"A race condition has been identified in the Linux Kernel, which can be exploited under specific conditions. An unauthenticated attacker situated within an adjacent network may exploit this vulnerability by sending crafted ICMPv6 router advertisement packets. If successful, this attack could lead to arbitrary code execution, potentially compromising the integrity and security of the affected systems.",Red Hat,"kernel,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Virtualization 4,Fedora",7.5,HIGH,0.004679999779909849,false,false,false,false,,false,false,2024-01-28T12:19:24.885Z,0
CVE-2024-0646,https://securityvulnerability.io/vulnerability/CVE-2024-0646,Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination,"The vulnerability arises from an out-of-bounds memory write flaw in the Linux kernel's Transport Layer Security (TLS) functionality, specifically during a user-initiated call to the splice function with a ktls socket as its destination. This flaw potentially allows a local user to crash the system or escalate their privileges, posing significant security risks to systems utilizing affected versions of the Linux kernel.",Red Hat,"Kernel,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Fedora",7.8,HIGH,0.0004400000034365803,false,true,false,false,,false,false,2024-01-17T15:16:45.148Z,0
CVE-2024-0565,https://securityvulnerability.io/vulnerability/CVE-2024-0565,Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client,"A vulnerability has been identified in the Linux Kernel's SMB Client component, specifically within the receive_encrypted_standard function. This flaw arises from an integer underflow during memory copying operations, leading to an out-of-bounds memory read scenario. Exploitation of this issue could cause systems to experience a denial of service, rendering them temporarily inoperable. System administrators are advised to apply the necessary patches to secure their environments and prevent potential disruptions.",Red Hat,"Kernel,Kernel,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",7.4,HIGH,0.0038300000596791506,false,false,false,false,,false,false,2024-01-15T20:02:02.639Z,0
CVE-2024-0562,https://securityvulnerability.io/vulnerability/CVE-2024-0562,Kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c,"A use-after-free flaw exists within the Linux Kernel, particularly triggered during the removal of a disk. This issue occurs when the bdi_unregister function is invoked to halt write-back processes, while still waiting for associated delayed work completion. Consequently, the wb_inode_writeback_end function might schedule bandwidth estimation tasks post-completion, leading to scenarios where a timer attempts to interact with bdi_writeback that has already been freed. This oversight poses risks for system stability and may negatively impact performance.",Red Hat,"kernel,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Virtualization 4 for Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2024-01-15T19:01:36.947Z,0