cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0911,https://securityvulnerability.io/vulnerability/CVE-2024-0911,Indent Vulnerability Could Lead to Application Crash,"A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.",Red Hat,"indent,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Fedora,Extra Packages for Enterprise Linux",5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2024-02-06T14:13:40.491Z,0
CVE-2024-0232,https://securityvulnerability.io/vulnerability/CVE-2024-0232,Sqlite: use-after-free bug in jsonparseaddnodearray,"A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",Red Hat,"Sqlite,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora,Extra Packages For Enterprise Linux",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-01-16T14:01:58.505Z,0
CVE-2023-6918,https://securityvulnerability.io/vulnerability/CVE-2023-6918,Libssh: missing checks for return values for digests,"A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.",Red Hat,"libssh,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora,Extra Packages for Enterprise Linux",5.3,MEDIUM,0.0013000000035390258,false,false,false,false,,false,false,2023-12-19T00:15:00.000Z,0
CVE-2023-2861,https://securityvulnerability.io/vulnerability/CVE-2023-2861,Qemu: 9pfs: improper access control on special files,"A vulnerability has been identified in QEMU's implementation of the 9p passthrough filesystem (9pfs). This flaw allows a malicious client to exploit the absence of restrictions on special file access on the host side. By creating and opening a device file within a shared folder, attackers can escape the intended boundaries of the exported 9p tree, potentially leading to unauthorized access to host resources. Organizations using affected versions of QEMU should evaluate their security posture and apply necessary updates.",Red Hat,"Qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Extra Packages For Enterprise Linux,Fedora",7.1,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2023-12-06T07:15:00.000Z,0
CVE-2023-5341,https://securityvulnerability.io/vulnerability/CVE-2023-5341,Imagemagick: heap use-after-free in coders/bmp.c,A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.,Red Hat,"Imagemagick,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Extra Packages For Enterprise Linux,Fedora",5.5,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2023-11-19T10:15:00.000Z,0
CVE-2022-4132,https://securityvulnerability.io/vulnerability/CVE-2022-4132,Memory leak on tls connections,A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).,Red Hat,"Jss,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Extra Packages For Enterprise Linux,Fedora",5.9,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2023-10-04T11:26:11.191Z,0
CVE-2023-25586,https://securityvulnerability.io/vulnerability/CVE-2023-25586,Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized,A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.,Red Hat,"binutils,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora 36,Fedora 37,Extra Packages for Enterprise Linux 7,Fedora,Extra Packages for Enterprise Linux 8",5.5,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2023-09-14T21:15:00.000Z,0
CVE-2023-25588,https://securityvulnerability.io/vulnerability/CVE-2023-25588,Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`,"A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.",Red Hat,"binutils,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora 37,Extra Packages for Enterprise Linux 8,Fedora 36,Extra Packages for Enterprise Linux 7,Fedora",5.5,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2023-09-14T21:15:00.000Z,0
CVE-2023-25585,https://securityvulnerability.io/vulnerability/CVE-2023-25585,Field `file_table` of `struct module *module` is uninitialized,A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.,Red Hat,"binutils,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora 37,Fedora 36,Extra Packages for Enterprise Linux 8,Extra Packages for Enterprise Linux 7,Fedora",5.5,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2023-09-14T21:15:00.000Z,0
CVE-2023-25584,https://securityvulnerability.io/vulnerability/CVE-2023-25584,Out of bounds read in parse_module function in bfd/vms-alpha.c,An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.,Red Hat,"Binutils,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Extra Packages For Enterprise Linux 8,Fedora 37,Fedora 36,Fedora,Extra Packages For Enterprise Linux 7",6.3,MEDIUM,0.000590000010561198,false,false,false,false,,false,false,2023-09-14T21:15:00.000Z,0
CVE-2023-32665,https://securityvulnerability.io/vulnerability/CVE-2023-32665,Gvariant deserialisation does not match spec for non-normal data,"A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.",Red Hat,"Glib2,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora 38,Extra Packages For Enterprise Linux,Fedora,Fedora 37",5.5,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2023-09-14T20:15:00.000Z,0
CVE-2023-29499,https://securityvulnerability.io/vulnerability/CVE-2023-29499,Gvariant offset table entry size is not checked in is_normal(),"A vulnerability in GLib occurs when the GVariant deserialization process does not properly verify the input format, potentially leading to a denial of service. This flaw can disrupt systems that rely on GLib for handling data serialization and deserialization, making it crucial for developers and system administrators to implement necessary updates and fixes to maintain software stability and security.",Red Hat,"glib2,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Extra Packages for Enterprise Linux,Fedora 37,Fedora 38",7.5,HIGH,0.002050000010058284,false,false,false,false,,false,false,2023-09-14T20:15:00.000Z,0
CVE-2023-32611,https://securityvulnerability.io/vulnerability/CVE-2023-32611,G_variant_byteswap() can take a long time with some non-normal inputs,"A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.",Red Hat,"glib2,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Extra Packages for Enterprise Linux,Fedora 38,Fedora 37",5.5,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2023-09-14T20:15:00.000Z,0
CVE-2023-2680,https://securityvulnerability.io/vulnerability/CVE-2023-2680,Dma reentrancy issue (incomplete fix for cve-2021-3750),"The vulnerability arises from an incomplete implementation of a previous fix for an earlier CVE, specifically related to the QEMU-KVM package in Red Hat Enterprise Linux 9.1. The version released under RHSA-2022:7967 inadvertently lacked the necessary correction for a known vulnerability identified as CVE-2021-3750, exposing systems to potential risks associated with that flaw. Users of Red Hat Enterprise Linux 9.1 should be aware of this issue and consider taking appropriate measures to mitigate any potential security threats.",Red Hat,"qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat OpenStack Platform 13 (Queens),Fedora,Extra Packages for Enterprise Linux",8.2,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-09-13T17:15:00.000Z,0
CVE-2023-3301,https://securityvulnerability.io/vulnerability/CVE-2023-3301,Triggerable assertion due to race condition in hot-unplug,A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.,Red Hat,"qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat OpenStack Platform 13 (Queens),Extra Packages for Enterprise Linux,Fedora",5.6,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-09-13T17:15:00.000Z,0
CVE-2023-4135,https://securityvulnerability.io/vulnerability/CVE-2023-4135,Out-of-bounds read information disclosure vulnerability,"A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.",Red Hat,"qemu-kvm,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Fedora,Extra Packages for Enterprise Linux",6.5,MEDIUM,0.0037499999161809683,false,false,false,false,,false,false,2023-08-04T14:15:00.000Z,0
CVE-2023-3180,https://securityvulnerability.io/vulnerability/CVE-2023-3180,Heap buffer overflow in virtio_crypto_sym_op_helper(),"A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.",Red Hat,"qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Fedora,Extra Packages for Enterprise Linux",6.5,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2023-08-03T15:15:00.000Z,0
CVE-2023-1386,https://securityvulnerability.io/vulnerability/CVE-2023-1386,Qemu: 9pfs: suid/sgid bits not dropped on file write,"An identified flaw in QEMU's 9p passthrough filesystem (9pfs) enables local users within a guest to manipulate executable files with SUID or SGID without proper restrictions on these privileged bits. In specific scenarios, this vulnerability can be exploited by malicious individuals in the guest environment, facilitating unauthorized privilege elevation within the guest and potentially impacting the host system's security.",Red Hat,"Qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Fedora,Extra Packages For Enterprise Linux",7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-07-24T16:15:00.000Z,0
CVE-2023-3603,https://securityvulnerability.io/vulnerability/CVE-2023-3603,Processing sftp server read may cause null dereference,"A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.

Given this code is not in any released versions, no security releases have been issued.",Red Hat,"Libssh,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Extra Packages For Enterprise Linux 7,Fedora",3.1,LOW,0.0006200000061653554,false,false,false,false,,false,false,2023-07-21T20:15:00.000Z,0
CVE-2023-3354,https://securityvulnerability.io/vulnerability/CVE-2023-3354,Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service,"A vulnerability has been identified within the built-in VNC server of QEMU, where improper handling of client connections can lead to a NULL pointer dereference. When multiple clients connect to the VNC server, QEMU attempts to manage the number of connections by cleaning up previous connections. If a previous connection is in the handshake phase and subsequently fails, QEMU may attempt to clean up this connection again, resulting in this security flaw. This may allow a remote unauthenticated attacker to exploit this issue and trigger a denial of service.",Red Hat,"Qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat Openstack Platform 13 (queens),Fedora,Extra Packages For Enterprise Linux",7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-07-11T17:15:00.000Z,0
CVE-2023-34432,https://securityvulnerability.io/vulnerability/CVE-2023-34432,Heap-buffer-overflow in src/formats_i.c,"A heap buffer overflow vulnerability exists in the lsx_readbuf function of Sox, specifically at sox/src/formats_i.c:98:16. This flaw poses risks such as denial of service, potential code execution, and information disclosure, allowing unauthorized access to sensitive data or system resources. Prompt mitigation is necessary to safeguard systems utilizing vulnerable versions of this audio processing tool.",Red Hat,"Sox,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Fedora,Extra Packages For Enterprise Linux",7.8,HIGH,0.0008099999977275729,false,false,false,false,,false,false,2023-07-10T21:15:00.000Z,0
CVE-2023-32627,https://securityvulnerability.io/vulnerability/CVE-2023-32627,Floating point exception in src/voc.c,"A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.",Red Hat,"Sox,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Extra Packages For Enterprise Linux,Fedora",6.2,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2023-07-10T18:15:00.000Z,0
CVE-2023-34318,https://securityvulnerability.io/vulnerability/CVE-2023-34318,Heap-buffer-overflow in src/hcom.c,"A heap buffer overflow vulnerability has been identified in the Sox audio processing tool, specifically within the startread function. This flaw can be exploited to trigger a denial of service, execute arbitrary code, or disclose sensitive information, putting systems at risk. Users are advised to update to the latest version to mitigate potential threats.",Red Hat,"Sox,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Fedora,Extra Packages For Enterprise Linux",7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-07-10T18:15:00.000Z,0
CVE-2023-26590,https://securityvulnerability.io/vulnerability/CVE-2023-26590,Floating point exception in src/aiff.c,"A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.",Red Hat,"Sox,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Fedora,Extra Packages For Enterprise Linux",6.2,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-07-10T18:15:00.000Z,0