Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
14393 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-32636 | 2 Gnome, Redhat | 2 Glib, Enterprise Linux | 2025-02-13 | 4.7 Medium |
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. | ||||
CVE-2023-32627 | 3 Fedoraproject, Redhat, Sox Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2025-02-13 | 6.2 Medium |
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. | ||||
CVE-2023-32611 | 2 Gnome, Redhat | 2 Glib, Enterprise Linux | 2025-02-13 | 5.5 Medium |
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | ||||
CVE-2023-32559 | 2 Nodejs, Redhat | 4 Node.js, Nodejs, Enterprise Linux and 1 more | 2025-02-13 | 7.5 High |
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | ||||
CVE-2023-32393 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2025-02-13 | 8.8 High |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. | ||||
CVE-2023-32370 | 4 Apple, Redhat, Webkitgtk and 1 more | 4 Macos, Enterprise Linux, Webkitgtk and 1 more | 2025-02-13 | 5.3 Medium |
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. | ||||
CVE-2023-32360 | 2 Apple, Redhat | 6 Macos, Enterprise Linux, Rhel Aus and 3 more | 2025-02-13 | 5.5 Medium |
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. | ||||
CVE-2023-32359 | 2 Apple, Redhat | 3 Ipados, Iphone Os, Enterprise Linux | 2025-02-13 | 7.5 High |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver. | ||||
CVE-2023-32324 | 3 Debian, Openprinting, Redhat | 4 Debian Linux, Cups, Enterprise Linux and 1 more | 2025-02-13 | 7.5 High |
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication. | ||||
CVE-2023-32254 | 3 Linux, Netapp, Redhat | 7 Linux Kernel, H300s, H410s and 4 more | 2025-02-13 | 9.8 Critical |
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. | ||||
CVE-2023-32250 | 3 Linux, Netapp, Redhat | 8 Linux Kernel, H300s, H410s and 5 more | 2025-02-13 | 9 Critical |
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. | ||||
CVE-2023-32067 | 5 C-ares, C-ares Project, Debian and 2 more | 10 C-ares, C-ares, Debian Linux and 7 more | 2025-02-13 | 7.5 High |
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. | ||||
CVE-2023-32006 | 3 Fedoraproject, Nodejs, Redhat | 4 Fedora, Node.js, Enterprise Linux and 1 more | 2025-02-13 | 8.8 High |
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | ||||
CVE-2023-32002 | 2 Nodejs, Redhat | 4 Node.js, Nodejs, Enterprise Linux and 1 more | 2025-02-13 | 9.8 Critical |
The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | ||||
CVE-2023-31147 | 3 C-ares Project, Fedoraproject, Redhat | 5 C-ares, Fedora, Enterprise Linux and 2 more | 2025-02-13 | 5.9 Medium |
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. | ||||
CVE-2023-30590 | 2 Nodejs, Redhat | 3 Node.js, Enterprise Linux, Rhel Eus | 2025-02-13 | 7.5 High |
The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad. | ||||
CVE-2023-30588 | 2 Nodejs, Redhat | 3 Node.js, Enterprise Linux, Rhel Eus | 2025-02-13 | 5.3 Medium |
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20. | ||||
CVE-2021-30666 | 2 Apple, Redhat | 2 Iphone Os, Enterprise Linux | 2025-02-13 | 8.8 High |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
CVE-2023-29499 | 2 Gnome, Redhat | 2 Glib, Enterprise Linux | 2025-02-13 | 5.5 Medium |
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | ||||
CVE-2021-30761 | 2 Apple, Redhat | 2 Iphone Os, Enterprise Linux | 2025-02-13 | 8.8 High |
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. |