cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-5869,https://securityvulnerability.io/vulnerability/CVE-2023-5869,Postgresql: buffer overrun from integer overflow in array modification,"A flaw has been identified in PostgreSQL that enables authenticated users to execute arbitrary code due to a missing overflow check during SQL array value modifications. This vulnerability is triggered by an integer overflow resulting from specially crafted data, empowering users to write arbitrary bytes to memory and facilitating extensive read access to the server's memory. As a result, potential exploitation could lead to significant security risks within the database environment.",Red Hat,"Red Hat Advanced Cluster Security 4.2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Software Collections For Red Hat Enterprise Linux 7,Rhacs-3.74-rhel-8,Rhacs-4.1-rhel-8,Red Hat Enterprise Linux 6",8.8,HIGH,0.041519999504089355,false,,false,false,false,,,false,false,,2023-12-10T18:15:00.000Z,0
CVE-2023-46847,https://securityvulnerability.io/vulnerability/CVE-2023-46847,Squid: denial of service in http digest authentication,"Squid is affected by a vulnerability that enables remote attackers to exploit a Denial of Service condition through a buffer overflow. When configured to accept HTTP Digest Authentication, the software can be manipulated to write up to 2 MB of arbitrary data to heap memory, potentially crashing the service or consuming resources, leading to degraded performance or downtime.",Red Hat,"Red Hat Enterprise Linux 6 Extended Lifecycle Support,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7.6 Advanced Update Support,Red Hat Enterprise Linux 7.7 Advanced Update Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support",7.5,HIGH,0.036490000784397125,false,,false,false,false,,,false,false,,2023-11-03T08:15:00.000Z,0
CVE-2023-3972,https://securityvulnerability.io/vulnerability/CVE-2023-3972,Insights-client: unsafe handling of temporary files and directories,"A local privilege escalation vulnerability exists in the insights-client due to insecure file operations related to temporary files and directories. If unprivileged users create a specific directory before the insights-client is registered by root, they can set it to be writable. Once registered, an attacker leveraging this misconfiguration can introduce malicious scripts into the insights directory. This manipulation allows them to execute arbitrary code with root privileges, effectively bypassing SELinux protections, as the insights processes can disable SELinux system-wide.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 6",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-01T16:15:00.000Z,0
CVE-2023-5367,https://securityvulnerability.io/vulnerability/CVE-2023-5367,Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty,"A vulnerability exists in the Xorg-X11 Server that stems from an incorrect buffer offset calculation within the XIChangeDeviceProperty and RRChangeOutputProperty functions. This flaw can lead to out-of-bounds writes, which may enable attackers to escalate privileges or induce denial of service conditions. Addressing this issue is critical for maintaining the integrity and security of systems running affected versions of the Xorg-X11 Server.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6",7.8,HIGH,0.0013299999991431832,false,,false,false,false,,,false,false,,2023-10-25T20:15:00.000Z,0
CVE-2023-3899,https://securityvulnerability.io/vulnerability/CVE-2023-3899,Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration,"A vulnerability exists in Subscription Manager that permits local privilege escalation due to insufficient authorization controls. The D-Bus interface com.redhat.RHSM1 grants access to numerous methods for all users, enabling a low-privileged local user to manipulate the state of the registration. Particularly, the com.redhat.RHSM1.Config.SetAll() method allows unauthorized users to unregister the system or alter current entitlements. This can lead to setting arbitrary configurations in /etc/rhsm/rhsm.conf, which can be exploited for a local privilege escalation to gain unconfined root access.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 6",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-23T11:15:00.000Z,0
CVE-2023-3812,https://securityvulnerability.io/vulnerability/CVE-2023-3812,Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags,"An out-of-bounds memory access issue exists in the TUN/TAP device driver within the Linux kernel. This vulnerability allows a local user to exploit the generated networking packets that are excessively large when the 'napi frags' feature is enabled. If successfully exploited, this could lead to a system crash or potential escalation of privileges, compromising the system's overall security and integrity.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2023-07-24T16:15:00.000Z,0