cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1481,https://securityvulnerability.io/vulnerability/CVE-2024-1481,FreeIPA kinit Denial of Service Vulnerability,"A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.",Red Hat,"Freeipa,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-04-10T20:39:31.175Z,0
CVE-2024-3094,https://securityvulnerability.io/vulnerability/CVE-2024-3094,"Malicious Code Discovered in xz Upstream Tarballs, Affecting liblzma and Other Dependent Packages","The XZ utility has been compromised due to malicious code introduced in the upstream tarballs starting from version 5.6.0. A sophisticated obfuscation technique is employed where the liblzma build process extracts a prebuilt object file hidden within a disguised test file in the source code. This manipulation alters specific functions in the liblzma library, which can be exploited by any software linked against it. Consequently, the modified liblzma library poses a risk as it can intercept and manipulate data interactions with software using this library, leading to potential data breaches and integrity issues across affected platforms.",Red Hat,"Xz,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Jboss Enterprise Application Platform 8,Fedora 38,Fedora 39",10,CRITICAL,0.635200023651123,false,true,false,true,true,true,true,2024-03-29T16:51:12.588Z,262103
CVE-2024-2307,https://securityvulnerability.io/vulnerability/CVE-2024-2307,OSBuild Composer Flaw Exposes Build Phase to MITM Attack,"A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.",Red Hat,"Osbuild-composer,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",,,0.00044999999227002263,false,false,false,false,,false,false,2024-03-19T16:16:31.902Z,0
CVE-2024-2496,https://securityvulnerability.io/vulnerability/CVE-2024-2496,"NULL pointer dereference flaw found in udevConnectListAllInterfaces() function, potentially leading to denial of service attack",A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.,Red Hat,"Libvirt,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Fedora 39",,,0.00044999999227002263,false,false,false,false,,false,false,2024-03-18T12:54:17.647Z,0
CVE-2024-21886,https://securityvulnerability.io/vulnerability/CVE-2024-21886,Heap Buffer Overflow Flaw in X.Org Server Could Lead to Application Crash or Remote Code Execution,"A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.",Red Hat,"Xorg-server,Xwayland,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Fedora",,,0.0004400000034365803,false,false,false,false,,false,false,2024-02-28T12:13:12.555Z,0
CVE-2023-3966,https://securityvulnerability.io/vulnerability/CVE-2023-3966,Crafted Geneve Packets May Cause Denial of Service and Invalid Memory Accesses in Open vSwitch,"A vulnerability in Open vSwitch has been identified where multiple versions are susceptible to maliciously crafted Geneve packets. This flaw has the potential to lead to denial of service by causing invalid memory accesses. Exploitation of this vulnerability necessitates that hardware offloading via the netlink path is enabled, making systems at risk particularly those that utilize specific network configurations.",Red Hat,"Openvswitch,Fast Datapath For Rhel 7,Fast Datapath For Rhel 8,Fast Datapath For Rhel 9,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 3.11,Openstack Rdo,Fedora",7.5,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-02-22T12:15:53.128Z,0
CVE-2024-1454,https://securityvulnerability.io/vulnerability/CVE-2024-1454,Use-After-Free Vulnerability in AuthentIC Driver Could Lead to Compromised Card Management Operations,"The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.",Red Hat,"Opensc,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",3.4,LOW,0.0004600000102072954,false,false,false,false,,false,false,2024-02-12T22:29:58.226Z,0
CVE-2024-0229,https://securityvulnerability.io/vulnerability/CVE-2024-0229,"X.Org Server Vulnerability Could Lead to Application Crash, Privilege Escalation, or Remote Code Execution","The vulnerability arises from an out-of-bounds memory access flaw present in the X.Org server, a software that handles graphical displays in Unix-like operating systems. This flaw is triggered when a device that has been 'frozen' by a sync grab is subsequently reattached to a new master device, creating a condition where improper memory access can occur. Exploitation of this vulnerability may lead to application crashes, and in scenarios where the server operates with elevated privileges, it could enable local privilege escalation. Additionally, in environments that utilize SSH X11 forwarding, this defect poses a risk of remote code execution, presenting significant security challenges for users relying on this system.",Red Hat,"xorg-server,xwayland,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Fedora",7.8,HIGH,0.0012499999720603228,false,false,false,false,,false,false,2024-02-09T06:29:51.542Z,0
CVE-2024-1312,https://securityvulnerability.io/vulnerability/CVE-2024-1312,Use-After-Free Vulnerability in Linux Kernel Could Lead to System Crash,A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.,Red Hat,"kernel,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",4.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2024-02-08T12:38:03.062Z,0
CVE-2024-1048,https://securityvulnerability.io/vulnerability/CVE-2024-1048,Grub2-Set-Bootflag Flaw May Cause Filesystem Issues,"A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.",Red Hat,"Grub2,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",3.3,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-02-06T17:30:35.360Z,0
CVE-2024-0911,https://securityvulnerability.io/vulnerability/CVE-2024-0911,Indent Vulnerability Could Lead to Application Crash,"A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.",Red Hat,"indent,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Fedora,Extra Packages for Enterprise Linux",5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2024-02-06T14:13:40.491Z,0
CVE-2024-0690,https://securityvulnerability.io/vulnerability/CVE-2024-0690,An Information Disclosure Flaw in Ansible-Core Could Lead to Sensitive Data Exposure,"An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.",Red Hat,"Ansible,Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora 38,Fedora 39,Extra Packages For Enterprise Linux 8",5.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-02-06T12:00:28.505Z,0
CVE-2024-0684,https://securityvulnerability.io/vulnerability/CVE-2024-0684,Heap Overflow in GNU coreutils' split Program Could Lead to Denial of Service,"A flaw was found in the GNU coreutils ""split"" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.",Red Hat,"coreutils,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2024-02-06T08:26:58.770Z,0
CVE-2023-6780,https://securityvulnerability.io/vulnerability/CVE-2023-6780,Glibc: integer overflow in __vsyslog_internal(),"An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.",Red Hat,"Glibc,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",5.3,MEDIUM,0.0009299999801442027,false,false,false,false,,false,false,2024-01-31T14:08:02.610Z,0
CVE-2023-6779,https://securityvulnerability.io/vulnerability/CVE-2023-6779,Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal(),"An off-by-one heap-based buffer overflow was identified in the __vsyslog_internal function within the glibc library. When the syslog and vsyslog functions are invoked with a message exceeding INT_MAX bytes, it leads to improper calculations of the buffer size allocated for the message. This flaw may cause application crashes and can potentially be exploited if the affected functions are manipulated. The vulnerability impacts glibc versions 2.37 and newer, necessitating immediate attention from system administrators and software developers utilizing this library.",Red Hat,"Glibc,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",7.5,HIGH,0.0015800000401213765,false,true,false,false,,false,false,2024-01-31T14:07:41.967Z,0
CVE-2023-6246,https://securityvulnerability.io/vulnerability/CVE-2023-6246,Heap-Based Buffer Overflow Vulnerability in glibc Library,"A heap-based buffer overflow vulnerability exists in the __vsyslog_internal function of the glibc library, which is crucial for logging system events through the syslog and vsyslog functionalities. The issue arises if the openlog function is not invoked or if it is invoked with a NULL ident argument, particularly when the program name exceeds 1024 bytes. This can lead to significant consequences, including application crashes and the potential for local privilege escalation, impacting systems using glibc version 2.36 and onward.",Red Hat,"Glibc,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",8.4,HIGH,0.015080000273883343,false,true,true,true,,true,false,2024-01-31T14:06:21.949Z,8944
CVE-2024-0914,https://securityvulnerability.io/vulnerability/CVE-2024-0914,Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin),"A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.",Red Hat,"Opencryptoki,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Fedora",5.9,MEDIUM,0.0011099999537691474,false,false,false,false,,false,false,2024-01-31T04:53:28.508Z,0
CVE-2024-0564,https://securityvulnerability.io/vulnerability/CVE-2024-0564,Kernel: max page sharing of kernel samepage merging (ksm) may cause memory deduplication,"A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is ""max page sharing=256"", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's ""max page share"". Through these operations, the attacker can leak the victim's page.",Red Hat,"kernel,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",6.5,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-01-30T15:01:08.057Z,0
CVE-2023-6200,https://securityvulnerability.io/vulnerability/CVE-2023-6200,Unauthenticated Attacker Could Execute Arbitrary Code via ICMPv6 Router Advertisement Packet,"A race condition has been identified in the Linux Kernel, which can be exploited under specific conditions. An unauthenticated attacker situated within an adjacent network may exploit this vulnerability by sending crafted ICMPv6 router advertisement packets. If successful, this attack could lead to arbitrary code execution, potentially compromising the integrity and security of the affected systems.",Red Hat,"kernel,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Virtualization 4,Fedora",7.5,HIGH,0.004679999779909849,false,false,false,false,,false,false,2024-01-28T12:19:24.885Z,0
CVE-2024-0775,https://securityvulnerability.io/vulnerability/CVE-2024-0775,Kernel: use-after-free while changing the mount option in __ext4_remount leading,"A use-after-free vulnerability exists in the ext4 file system within the Linux kernel. This flaw occurs due to improper handling of old quota file names, which can lead to inactive memory being accessed during a failure condition. A local user could exploit this issue to potentially leak sensitive information or impact system stability through unintended access to freed memory regions. The vulnerability resides specifically in the __ext4_remount function located in fs/ext4/super.c, making it crucial for system administrators to monitor and patch affected systems promptly to mitigate risks.",Red Hat,"Kernel,kernel,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",7.1,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2024-01-22T13:03:09.603Z,0
CVE-2024-0607,https://securityvulnerability.io/vulnerability/CVE-2024-0607,Kernel: nf_tables: pointer math issue in nft_byteorder_eval(),"A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.",Red Hat,"Kernel,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",6.6,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2024-01-18T15:41:14.425Z,0
CVE-2024-0409,https://securityvulnerability.io/vulnerability/CVE-2024-0409,Xorg-x11-server: selinux context corruption,"A vulnerability exists within the X.Org server that affects the cursor code utilized in both Xephyr and Xwayland. The issue arises from the use of an incorrect type of private at the cursor's creation, specifically using the cursor bits type. This misconfiguration leads to overwriting of the XSELINUX context during the cursor initialization process, potentially compromising system security and functionality. Users of these products should evaluate their configurations and consider applying relevant patches to mitigate potential risks associated with this vulnerability.",Red Hat,"Xorg-server,Xwayland,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2024-01-18T15:40:22.071Z,0
CVE-2024-0408,https://securityvulnerability.io/vulnerability/CVE-2024-0408,Xorg-x11-server: selinux unlabeled glx pbuffer,"A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.",Red Hat,"Xorg-server,Xwayland,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2024-01-18T15:40:06.955Z,0
CVE-2024-0646,https://securityvulnerability.io/vulnerability/CVE-2024-0646,Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination,"The vulnerability arises from an out-of-bounds memory write flaw in the Linux kernel's Transport Layer Security (TLS) functionality, specifically during a user-initiated call to the splice function with a ktls socket as its destination. This flaw potentially allows a local user to crash the system or escalate their privileges, posing significant security risks to systems utilizing affected versions of the Linux kernel.",Red Hat,"Kernel,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Fedora",7.8,HIGH,0.0004400000034365803,false,true,false,false,,false,false,2024-01-17T15:16:45.148Z,0
CVE-2024-0641,https://securityvulnerability.io/vulnerability/CVE-2024-0641,Kernel: deadlock leading to denial of service in tipc_crypto_key_revoke,A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.,Red Hat,"Kernel,kernel,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2024-01-17T15:15:45.272Z,0