cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11218,https://securityvulnerability.io/vulnerability/CVE-2024-11218,Container Breakout Vulnerability in Podman and Buildah,"A vulnerability exists in Podman and Buildah that allows for a container breakout, particularly when using the '--jobs=2' option during the build process of a malicious Containerfile. This vulnerability exploits a race condition that may lead to the exposure of files and directories on the host system. Though using SELinux can provide some degree of mitigation, it does not completely prevent the enumeration of sensitive host file systems, posing a risk for affected users.",Red Hat,"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Red Hat Enterprise Linux 8,Red Hat Openshift Container Platform 4",8.6,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-22T04:55:30.649Z,359
CVE-2024-12085,https://securityvulnerability.io/vulnerability/CVE-2024-12085,Rsync Daemon Memory Leak Vulnerability in Red Hat Products,"A vulnerability exists in the rsync daemon which can be exploited during the comparison of file checksums. An attacker can manipulate the checksum length, leading to potential leaks of one byte of uninitialized stack data at a time. This weakness could allow unauthorized access to sensitive information in memory, posing a security risk to affected systems.",Red Hat,"Red Hat Enterprise Linux 6 Extended Lifecycle Support  - Extension,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Openshift Container Platform 4.15,Red Hat Openshift Container Platform 4.16,Red Hat Openshift Container Platform 4.17,Logging Subsystem For Red Hat Openshift",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,242
CVE-2024-9632,https://securityvulnerability.io/vulnerability/CVE-2024-9632,"X.org Server Flaw Allows Buffer Overflow, Denial of Service or Privilege Escalation","A flaw exists in the X.org server that stems from an improper handling of allocation size in the _XkbSetCompatMap function. This vulnerability allows a local attacker to potentially exploit this issue by sending a specially crafted payload, which could result in a buffer overflow condition. If successfully exploited, this vulnerability may lead to denial of service or enable local privilege escalation in environments where the X.org server operates with elevated permissions, specifically with root access. It is crucial for administrators to review their configurations and apply necessary security updates to mitigate the risks associated with this vulnerability.",Red Hat,",Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9.4 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-30T07:42:35.320Z,0
CVE-2024-9050,https://securityvulnerability.io/vulnerability/CVE-2024-9050,Networkmanager-libreswan: local privilege escalation via leftupdown,"A security flaw exists in the libreswan client plugin for NetworkManager, specifically within its handling of VPN configurations. This vulnerability arises from improper sanitation of the configuration input provided by local unprivileged users. This key-value format configuration management fails to adequately escape special characters, causing the application to misinterpret values as keys. This misconfiguration could allow malicious actors to manipulate key parameters such as 'leftupdown', which is capable of running executable commands. Because NetworkManager employs Polkit to permit unprivileged users to alter system network settings, an attacker could escalate privileges locally, potentially leading to root-level code execution on the affected system by crafting a malicious configuration.",Red Hat,"Red Hat Enterprise Linux 7.7 Advanced Update Support,Red Hat Enterprise Linux 7 Extended Lifecycle Support,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 9",7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-22T13:15:00.000Z,0
CVE-2024-4467,https://securityvulnerability.io/vulnerability/CVE-2024-4467,QEMU qemu-img Vulnerability: Memory or CPU Consumption Denial of Service,"A vulnerability exists in the QEMU disk image utility related to the 'info' command, where a specially crafted image file containing a specific JSON value can cause the qemu-img process to use an excessive amount of system resources. This behavior may result in resource exhaustion, potentially leading to a denial of service. The exploit can also enable unauthorized read/write access to existing external files on the host system, creating a significant security risk for affected environments.",Red Hat,"Advanced Virtualization For Rhel 8.2.1,Advanced Virtualization For Rhel 8.4.0.eus,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Openshift Virtualization 4",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-02T16:15:00.000Z,0
CVE-2024-3183,https://securityvulnerability.io/vulnerability/CVE-2024-3183,FreeIPA Vulnerability Allows Brute Force Attacks on Principal Passwords,"A vulnerability exists in FreeIPA related to the Kerberos ticket-granting service (TGS) request encryption method used during the authentication process. The issue arises when a TGS-REQ is encrypted with the client's session key, while the contained ticket relies on the target principal key for encryption. This situation exposes user principals to potential compromise, as the target key is derived from a password hash combined with a public, randomly-generated salt. If an attacker manages to compromise any principal, they can potentially decrypt tickets intended for other principals. This opens the door for brute-force attacks, allowing the acquisition of valid credentials by testing character strings against the encrypted tickets and salts offline.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.6 Telecommunications Update Service,Red Hat Enterprise Linux 8.6 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support",8.1,HIGH,0.0010499999625608325,false,,false,false,true,2024-08-14T23:24:58.000Z,true,false,false,,2024-06-12T08:18:51.691Z,0
CVE-2024-31083,https://securityvulnerability.io/vulnerability/CVE-2024-31083,Xorg-x11-server: use-after-free in procrenderaddglyphs,"A vulnerability has been identified in the ProcRenderAddGlyphs() function of Xorg servers, which stems from improper handling of glyphs during message processing. When AllocateGlyph() is invoked to manage new glyphs sent from clients to the X server, it results in multiple pointers pointing to non-refcounted glyphs. This mismanagement can lead to scenarios where ProcRenderAddGlyphs() unintentionally frees a glyph still in use, causing a potential use-after-free condition. An authenticated user may exploit this flaw by crafting specific requests, thereby enabling them to execute arbitrary code on affected systems.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-05T12:15:00.000Z,0
CVE-2024-31080,https://securityvulnerability.io/vulnerability/CVE-2024-31080,Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents,"A vulnerability exists within the X.org server's ProcXIGetSelectedEvents() function due to a heap-based buffer over-read caused by improper handling of byte-swapped length values in replies. This issue can lead to unintended memory leakage and potential segmentation faults, especially when a malicious client with a different endianness triggers the condition. Although attackers cannot control the exact memory content being read, they can exploit this flaw to initiate out-of-bounds reads, causing the X server to access and potentially transmit sensitive heap memory values back to the client. This scenario may ultimately lead to a crash due to accessing unmapped memory pages.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6",7.3,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-04-04T14:15:00.000Z,0
CVE-2024-31081,https://securityvulnerability.io/vulnerability/CVE-2024-31081,Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice,"A heap-based buffer over-read vulnerability exists in the X.org server's ProcXIPassiveGrabDevice() function. This vulnerability arises when byte-swapped length values are utilized in replies, which can create memory leakage scenarios and lead to segmentation faults. Specifically, this issue may be triggered by clients operating with differing endianness, allowing an attacker to exploit the X server's ability to read heap memory values and subsequently transmit them back to the client, potentially leading to a crash when an unmapped page is accessed. Although the attacker cannot dictate the precise memory content copied into the replies, small length values, typically represented as 32-bit integers, can prompt significant out-of-bounds read attempts.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6",7.3,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-04-04T14:15:00.000Z,0
CVE-2024-3019,https://securityvulnerability.io/vulnerability/CVE-2024-3019,Default pmproxy configuration exposes Redis server backend to local network,"A notable flaw has been identified in the Performance Co-Pilot (PCP) system, primarily affecting versions 4.3.4 and higher. The default configuration of the pmproxy service presents a security risk by exposing the underlying Redis server backend to the local network. This exposure enables the potential for remote command execution with the privileges of the Redis user. The vulnerability is particularly concerning since it can be exploited only when the pmproxy service is actively running. By default, pmproxy is not initiated automatically and requires manual activation, typically carried out through the 'Metrics settings' page of the Cockpit web interface. System administrators are advised to review and adjust configurations to mitigate the associated risks.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",8.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-28T18:32:43.298Z,0
CVE-2024-28834,https://securityvulnerability.io/vulnerability/CVE-2024-28834,GnuTLS Vulnerability Exposes Timing Side-Channel,"A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-21T13:29:11.532Z,0
CVE-2024-1753,https://securityvulnerability.io/vulnerability/CVE-2024-1753,Container Escape Vulnerability in Podman Build and Buildah,"A flaw exists within Buildah and Podman that permits containers to mount arbitrary locations from the host filesystem into build containers. This vulnerability can be exploited by utilizing a malicious Containerfile, where a deceptive image with a symbolic link to the root filesystem serves as the mount source. Such an operation can lead to the host's root filesystem being mounted inside the RUN step of the container build process, allowing full read-write access to the host filesystem during execution. This significant risk underscores the potential for complete container escape at build time, representing a serious threat to security and requiring immediate attention.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 3.11",8.6,HIGH,0.0004400000034365803,false,,true,false,false,,,false,false,,2024-03-18T14:23:44.213Z,0
CVE-2024-21886,https://securityvulnerability.io/vulnerability/CVE-2024-21886,Heap Buffer Overflow Flaw in X.Org Server Could Lead to Application Crash or Remote Code Execution,"A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.",Red Hat,"Xorg-server,Xwayland,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Fedora",,,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-02-28T12:13:12.555Z,0
CVE-2024-21885,https://securityvulnerability.io/vulnerability/CVE-2024-21885,Heap Buffer Overflow Vulnerability in X.Org Server,"A flaw has been identified in the X.Org Server affecting the XISendDeviceHierarchyEvent function, which handles new device IDs. This flaw allows for the potential exceeding of allocated array lengths within the xXIHierarchyInfo struct, leading to a heap buffer overflow condition. Such overflow can result in critical issues like application crashes or the execution of arbitrary code within SSH X11 forwarding environments, posing significant security risks to affected systems.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-02-28T12:11:59.650Z,0
CVE-2024-1062,https://securityvulnerability.io/vulnerability/CVE-2024-1062,Heap Overflow Flaw Leads to Denial of Service in 389-ds-base,A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.,Red Hat,"Red Hat Directory Server 11.7 For Rhel 8,Red Hat Directory Server 11.8 For Rhel 8,Red Hat Directory Server 12.2 Eus For Rhel 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Directory Server 12,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-02-12T13:04:39.944Z,0
CVE-2024-0229,https://securityvulnerability.io/vulnerability/CVE-2024-0229,"X.Org Server Vulnerability Could Lead to Application Crash, Privilege Escalation, or Remote Code Execution","The vulnerability arises from an out-of-bounds memory access flaw present in the X.Org server, a software that handles graphical displays in Unix-like operating systems. This flaw is triggered when a device that has been 'frozen' by a sync grab is subsequently reattached to a new master device, creating a condition where improper memory access can occur. Exploitation of this vulnerability may lead to application crashes, and in scenarios where the server operates with elevated privileges, it could enable local privilege escalation. Additionally, in environments that utilize SSH X11 forwarding, this defect poses a risk of remote code execution, presenting significant security challenges for users relying on this system.",Red Hat,"xorg-server,xwayland,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Enterprise Linux 6,Fedora",7.8,HIGH,0.0012499999720603228,false,,false,false,false,,,false,false,,2024-02-09T06:29:51.542Z,0
CVE-2023-6536,https://securityvulnerability.io/vulnerability/CVE-2023-6536,Linux Kernel NVMe Driver Vulnerability Leads to Kernel Panic and Denial of Service,"A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Rhol-5.8-rhel-9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",6.5,MEDIUM,0.0014600000577047467,false,,false,false,false,,,false,false,,2024-02-07T21:05:13.716Z,0
CVE-2023-6535,https://securityvulnerability.io/vulnerability/CVE-2023-6535,Linux Kernel NVMe Driver Vulnerability Leads to Kernel Panic and Denial of Service,"A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Rhol-5.8-rhel-9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",6.5,MEDIUM,0.001180000021122396,false,,false,false,false,,,false,false,,2024-02-07T21:04:21.409Z,0
CVE-2023-6356,https://securityvulnerability.io/vulnerability/CVE-2023-6356,Linux Kernel NVMe Driver Vulnerability Could Lead to Kernel Panic and Denial of Service,"A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Virtualization 4 For Red Hat Enterprise Linux 8,Rhol-5.8-rhel-9,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7",6.5,MEDIUM,0.0014600000577047467,false,,false,false,false,,,false,false,,2024-02-07T21:04:20.684Z,0
CVE-2023-40551,https://securityvulnerability.io/vulnerability/CVE-2023-40551,Shim: out of bounds read when parsing mz binaries,"An identified flaw in the MZ binary format used within Shim has the potential to enable an out-of-bounds read condition. This issue could result in system crashes or, more critically, the unintended exposure of sensitive data during the boot phase of the operating system. Proper mitigation strategies are essential to ensure the security and stability of affected systems.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support",5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-29T16:46:43.579Z,0
CVE-2023-40546,https://securityvulnerability.io/vulnerability/CVE-2023-40546,Shim: out-of-bounds read printing error messages,"A notable flaw has been identified within Shim which arises during the creation of new ESL variables. When Shim encounters an error while creating a new variable, it attempts to log an error message. However, the parameters utilized by the logging function do not align correctly with the expected format string, which may lead to a system crash under specific conditions. This vulnerability poses a risk to various Red Hat products that rely on Shim for their secure boot functionality, potentially interrupting their operation and affecting overall system stability.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support",6.2,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2024-01-29T16:29:26.258Z,0
CVE-2023-40549,https://securityvulnerability.io/vulnerability/CVE-2023-40549,Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file,"A flaw has been identified in Shim due to inadequate boundary checks during the loading of Portable Executable (PE) binaries. This vulnerability permits attackers to craft malicious PE binaries that exploit the flaw, subsequently causing the Shim component to crash. Such interruptions can result in service denial, posing risks to the stability and security of affected systems. It is crucial for users and administrators of impacted Red Hat products to apply available patches to mitigate potential threats.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support",6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-29T16:29:26.170Z,0
CVE-2023-40550,https://securityvulnerability.io/vulnerability/CVE-2023-40550,Shim: out-of-bound read in verify_buffer_sbat(),"An out-of-bounds read flaw has been identified within the Shim component, specifically during the validation of SBAT information. This vulnerability may allow for the unintentional exposure of sensitive data during the system’s boot phase. Organizations using Red Hat products with Shim should apply the latest security patches to mitigate the risks associated with this vulnerability, ensuring that their systems retain data integrity and security.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support",5.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-01-29T16:29:23.050Z,0
CVE-2023-40548,https://securityvulnerability.io/vulnerability/CVE-2023-40548,Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems,"A buffer overflow vulnerability exists in the Shim component of the 32-bit system environment. It arises from an addition operation that involves user-controlled values parsed from Portable Executable (PE) binaries used by Shim. This maliciously manipulated value is leveraged during memory allocation processes, which can lead to heap-based buffer overflow conditions. The potential consequences of this flaw include memory corruption that may result in system crashes or impact data integrity during crucial boot sequences. Rigorous attention to the associated advisories is recommended for users utilizing affected Shim versions.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support",7.4,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-01-29T14:53:44.319Z,0
CVE-2023-40547,https://securityvulnerability.io/vulnerability/CVE-2023-40547,Remote Code Execution Vulnerability in Shim Boot Support,"A significant security vulnerability exists in Shim boot support, which improperly trusts values controlled by an attacker during the parsing of HTTP responses. This flaw could allow malicious actors to create tailored HTTP requests, resulting in the ability to execute code remotely through a controlled out-of-bounds write. The vulnerability is particularly dangerous as it can be exploited in the critical early boot phase, necessitating an attacker to perform a Man-in-the-Middle attack or to compromise the boot server, thereby breaching system security.",Red Hat,"Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8.2 Advanced Update Support,Red Hat Enterprise Linux 8.2 Telecommunications Update Service,Red Hat Enterprise Linux 8.2 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support,Red Hat Enterprise Linux 8.4 Telecommunications Update Service,Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions,Red Hat Enterprise Linux 8.6 Extended Update Support,Red Hat Enterprise Linux 8.8 Extended Update Support,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Extended Update Support,Red Hat Enterprise Linux 9.2 Extended Update Support",8.3,HIGH,0.005400000140070915,false,,true,false,true,2024-11-24T23:15:03.000Z,,true,false,,2024-01-25T15:54:23.102Z,4224