|
121
|
6.8
-
|
MEDIUM
Physics
|
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protectio…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2023-4001
|
cpe:2.3:o:redhat:enterprise_linux:9.0:*
|
|
|
|
|
2024-11-21 17:34
2024-01-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
5.5
-
|
MEDIUM
Local
|
A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing ch…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-6915
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:44
2024-01-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
5.5
-
|
MEDIUM
Local
|
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
|
NVD-CWE-noinfo
|
CVE-2024-23301
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:57
2024-01-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
6.5
-
|
MEDIUM
Network
|
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-6683
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:44
2024-01-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
5.5
-
|
MEDIUM
Local
|
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is o…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2024-0443
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:46
2024-01-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
126
|
6.5
-
|
MEDIUM
Network
|
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could p…
|
CWE-352
Origin Validation Error
|
CVE-2023-5455
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.4:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2024-11-21 17:41
2024-01-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
127
|
7.8
-
|
HIGH
Local
|
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use th…
|
CWE-125 CWE-787
Out-of-bounds Read Out-of-bounds Write
|
CVE-2021-3600
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 15:21
2024-01-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
4.8
-
|
MEDIUM
Local
|
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code in…
|
CWE-74
Injection
|
CVE-2023-6004
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:42
2024-01-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
3.3
-
|
LOW
Local
|
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions t…
|
CWE-416
Use After Free
|
CVE-2024-0217
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:46
2024-01-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
4.4
-
|
MEDIUM
Local
|
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2023-7192
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:45
2024-01-3
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|