|
131
|
6.7
-
|
MEDIUM
Local
|
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This…
|
CWE-416
Use After Free
|
CVE-2024-0193
|
cpe:2.3:o:redhat:enterprise_linux:9.0:*
|
|
|
|
|
2024-11-21 17:46
2024-01-3
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
132
|
5.3
-
|
MEDIUM
Local
|
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_V…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-6693
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2024-11-21 17:44
2024-01-2
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
133
|
5.5
-
|
MEDIUM
Local
|
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to …
|
CWE-287
Improper Authentication
|
CVE-2023-4641
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:35
2023-12-28
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
134
|
7.0
-
|
HIGH
Local
|
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resis…
|
NVD-CWE-Other
|
CVE-2023-51767
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:38
2023-12-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
135
|
5.3
-
|
MEDIUM
Network
|
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowi…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2023-51765
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:38
2023-12-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
136
|
5.3
-
|
MEDIUM
Network
|
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in re…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2023-51764
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:38
2023-12-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
137
|
7.0
-
|
HIGH
Local
|
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line d…
|
CWE-362
Race Condition
|
CVE-2023-6546
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:44
2023-12-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
138
|
5.3
-
|
MEDIUM
Network
|
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked,…
|
CWE-252
Unchecked Return Value
|
CVE-2023-6918
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:44
2023-12-19
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
139
|
5.9
-
|
MEDIUM
Network
|
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2023-48795
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 17:32
2023-12-19
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
140
|
5.4
-
|
MEDIUM
Network
|
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (X…
|
CWE-79
Cross-site Scripting
|
CVE-2023-6710
|
cpe:2.3:o:redhat:enterprise_linux:9.0:*
|
|
|
|
|
2024-11-21 17:44
2023-12-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|