Found 1,349 results in 459ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2024-6501 low 2.5 FIX rhel slesdebian debian 2y ago Low: NetworkManager security update
CVE-2024-6126 low 2.5 FIX rheldebian debian sles 2y ago A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
CVE-2024-5742 low 2.5 FIX rhel rocky sles 2y ago RHSA-2024:6986: nano security update (Low)
CVE-2024-4741 low 2.5 FIX rhel sles rocky 2y ago Low: openssl security update
CVE-2024-4603 low 2.5 FIX rhel sles rocky 2y ago Low: openssl security update
CVE-2024-29039 low 2.5 FIX rhel sles rocky 2y ago Low: tpm2-tools security update
CVE-2024-29038 low 2.5 FIX rhel sles rocky 2y ago Low: tpm2-tools security update
CVE-2024-26461 low 2.5 rhel sles rocky 2y ago RHSA-2024:3268: krb5 security update (Low)
CVE-2024-26458 low 2.5 rhel rocky sles 2y ago RHSA-2024:3268: krb5 security update (Low)
CVE-2024-2314 low 2.5 FIX rheldebian debian rocky 2y ago RHSA-2024:8831: bcc security update (Low)
CVE-2024-2313 low 2.5 FIX rheldebian debian rocky 2y ago RHSA-2024:8830: bpftrace security update (Low)
CVE-2021-3903 low 2.5 FIX rhelarch arch sles 2y ago vim is vulnerable to Heap-based Buffer Overflow
CVE-2024-36387 low 2.5 FIX debian debian rhel sles 2y ago Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
CVE-2024-47175 low 3.5 EXP FIX rhel rockydebian debian 2y ago Low: cups security update
CVE-2024-4418 low 2.5 FIX rhel rocky sles 2y ago RHSA-2024:4351: virt:rhel and virt-devel:rhel security and bug fix update (Low)
CVE-2023-2953 low 2.5 FIX rocky slesdebian debian 2y ago RHSA-2024:4264: openldap security update (Low)
CVE-2024-5629 low 2.5 FIX rocky slesdebian debian 2y ago RHSA-2025:8419: python36:3.6 security update (Low)
CVE-2020-21710 low 2.5 FIX slesdebian debian rocky 2y ago RHSA-2024:2966: ghostscript security update (Low)
CVE-2024-35935 low 3.3 3.3 FIX slesdebian debian linux-kernel 2y ago In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path …
CVE-2024-35176 low 2.5 FIX rocky slesdebian debian 2y ago RHSA-2024:5338: pcs security update (Low)
CVE-2024-25629 low 2.5 FIX rheldebian debian rocky 2y ago RHSA-2024:4249: c-ares security update (Low)
CVE-2023-6918 low 2.5 FIX rhel rocky sles 2y ago RHSA-2024:3233: libssh security update (Low)
CVE-2023-6004 low 2.5 FIX rhel rocky sles 2y ago RHSA-2024:3233: libssh security update (Low)
CVE-2023-52620 low 2.5 2.5 FIX rhel rocky sles 2y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters.
CVE-2023-3817 low 2.5 FIX rocky rhel sles 2y ago RHSA-2023:7877: openssl security update (Low)
CVE-2023-3446 low 2.5 FIX rocky rhel sles 2y ago RHSA-2024:0888: edk2 security update (Low)
CVE-2023-32636 low 2.5 FIX rhel slesdebian debian 2y ago Low: mingw-glib2 security update
CVE-2023-2975 low 2.5 FIX rhel slesdebian debian 2y ago Low: openssl and openssl-fips-provider security update
CVE-2023-1729 low 2.5 FIX rhel slesdebian debian 2y ago Low: LibRaw security update
CVE-2022-48554 low 2.5 FIX rheldebian debian rocky 2y ago File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
CVE-2024-3864 low 2.5 FIX rhel rockydebian debian 2y ago Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited…
CVE-2024-3861 low 2.5 FIX rhel rockydebian debian 2y ago If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 11…
CVE-2024-3859 low 2.5 FIX rhel rockydebian debian 2y ago On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox E…
CVE-2024-3857 low 2.5 FIX rhel rockydebian debian 2y ago The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, …
CVE-2024-3854 low 2.5 FIX rhel rockydebian debian 2y ago In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 11…
CVE-2024-3852 low 2.5 FIX rhel rockydebian debian 2y ago GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3302 low 2.5 FIX rhel rockydebian debian 2y ago There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firef…
CVE-2024-2609 low 2.5 FIX rhel rockydebian debian 2y ago The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR …
CVE-2024-28085 low 3.3 3.3 FIX slesdebian debian kernel 2y ago wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from …
CVE-2024-2408 low 2.5 FIX rocky slesdebian debian 3y ago RHSA-2023:7877: openssl security update (Low)
CVE-2023-4641 low 2.5 FIX rhel slesdebian debian 3y ago RHSA-2023:7112: shadow-utils security and bug fix update (Low)
CVE-2023-4016 low 2.5 FIX rhel rocky sles 3y ago RHSA-2023:7187: procps-ng security update (Low)
CVE-2023-32665 low 2.5 FIX rhel slesdebian debian 3y ago Low: glib2 security and bug fix update
CVE-2023-32611 low 2.5 FIX rhel slesdebian debian 3y ago Low: glib2 security and bug fix update
CVE-2023-32573 low 2.5 FIX rhel slesdebian debian 3y ago In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CVE-2023-2977 low 2.5 FIX rhel slesdebian debian 3y ago RHSA-2023:7160: opensc security and bug fix update (Low)
CVE-2023-29499 low 2.5 FIX rhel slesdebian debian 3y ago Low: glib2 security and bug fix update
CVE-2023-22745 low 2.5 FIX rhel slesdebian debian 3y ago RHSA-2023:7166: tpm2-tss security and enhancement update (Low)
CVE-2021-3826 low 2.5 FIX rheldebian debian sles 3y ago Low: gdb security update
CVE-2023-38546 low 3.7 3.7 FIX rhelarch arch rocky haxx 3y ago This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application crea…
CVE-2023-22049 low 3.7 3.7 FIX rhel rocky sles 3y ago RHSA-2023:4877: java-1.8.0-ibm security update (Moderate)
CVE-2023-22045 low 3.7 3.7 FIX rhel rocky sles 3y ago RHSA-2023:4176: java-1.8.0-openjdk security and bug fix update (Moderate)
CVE-2023-22036 low 3.7 3.7 FIX rhel slesdebian debian 3y ago RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate)
CVE-2023-22006 low 3.1 3.1 FIX rhel slesdebian debian 3y ago RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate)
CVE-2023-20867 low 4.0 KEV FIX rhel rocky sles 3y ago VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the…
CVE-2022-43552 low 2.5 FIX rheldebian debian sles 3y ago A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operat…
CVE-2022-36227 low 2.5 FIX rocky rhel sles 3y ago RHSA-2023:3018: libarchive security update (Low)
CVE-2022-35252 low 2.5 FIX rheldebian debian sles 3y ago When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. …
CVE-2022-28805 low 2.5 FIX rhel slesdebian debian 3y ago Low: lua security update
CVE-2022-1615 low 2.5 FIX rhel slesdebian debian 3y ago RHSA-2023:2987: samba security, bug fix, and enhancement update (Low)
CVE-2023-21968 low 3.7 3.7 FIX rhel rocky sles oraclenetapp 3y ago RHSA-2023:4103: java-1.8.0-ibm security update (Important)
CVE-2022-41862 low 2.5 FIX rhel rocky sles 3y ago RHSA-2023:7016: libpq security update (Low)
CVE-2022-2990 low 2.5 FIX rhel rocky sles 4y ago RHSA-2022:7822: container-tools:rhel8 security, bug fix, and enhancement update (Low)
CVE-2022-24736 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7541: redis:6 security, bug fix, and enhancement update (Low)
CVE-2022-24735 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7541: redis:6 security, bug fix, and enhancement update (Low)
CVE-2022-23645 low 2.5 FIX rhel rockydebian debian 4y ago RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low)
CVE-2022-2211 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low)
CVE-2022-1122 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7645: openjpeg2 security update (Low)
CVE-2022-0897 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low)
CVE-2021-46195 low 2.5 FIX rheldebian debian sles 4y ago Low: mingw-gcc security and bug fix update
CVE-2021-44269 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7558: wavpack security update (Low)
CVE-2021-3507 low 2.5 FIX rhel sles rocky 4y ago A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers fr…
CVE-2020-23903 low 2.5 FIX rhelarch arch sles 4y ago Low: speex security update
CVE-2022-39399 low 3.7 3.7 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate)
CVE-2022-21624 low 3.7 3.7 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2023:0128: java-1.8.0-ibm security update (Moderate)
CVE-2022-21619 low 3.7 3.7 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2023:0128: java-1.8.0-ibm security update (Moderate)
CVE-2022-3358 low 3.5 EXP FIX rhel slesdebian debian 4y ago Low: openssl security and bug fix update
CVE-2020-13950 low 2.5 FIX debian debianarch arch sles 4y ago Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, le…
CVE-2020-22083 low 2.5 arch archdebian debian 4y ago ** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and cl…
CVE-2011-4617 low 1.2 FIX debian debian python 4y ago virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
CVE-2013-4278 low 3.5 FIX debian debian openstack 4y ago The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot…
CVE-2014-1948 low 2.6 FIX debian debian openstack 4y ago OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARN…
CVE-2014-0056 low 2.1 FIX ubuntu ubuntudebian debian openstack 4y ago The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants …
CVE-2013-4463 low 2.1 FIX debian debian openstack 4y ago OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumpti…
CVE-2013-4469 low 1.9 FIX debian debian openstack 4y ago OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (ho…
CVE-2014-1624 low 3.3 FIX slesdebian debian python 4y ago Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to …
CVE-2014-1934 low 3.3 FIX debian debiansuse suse travis_shirk 4y ago tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2017-3590 low 3.3 3.3 FIX debian debian oracle 4y ago Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows…
CVE-2014-8991 low 2.1 FIX slesdebian debian pypa 4y ago pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
CVE-2013-1888 low 2.1 FIX fedora fedoradebian debian pypa 4y ago pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
CVE-2021-3981 low 2.5 FIX sles rockydebian debian 4y ago RHSA-2022:2110: grub2 security, bug fix, and enhancement update (Low)
CVE-2021-3634 low 2.5 FIX arch arch sles rocky 4y ago RHSA-2022:2031: libssh security, bug fix, and enhancement update (Low)
CVE-2021-3802 low 2.5 FIX sles rockydebian debian 4y ago RHSA-2022:1820: udisks2 security and bug fix update (Low)
CVE-2021-41229 low 2.5 FIX debian debianarch arch sles 4y ago RHSA-2022:2081: bluez security update (Low)
CVE-2021-23222 low 2.5 FIX arch arch sles rocky 4y ago RHSA-2022:1891: libpq security update (Low)
CVE-2020-17489 low 2.5 FIX slesdebian debian rocky 4y ago RHSA-2022:1814: gnome-shell security and bug fix update (Low)
CVE-2019-8506 low 5.0 KEV EXP FIX rockydebian debian rhel 4y ago A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
CVE-2010-0156 low 3.3 FIX debian debian puppet 4y ago Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or…
CVE-2021-4091 low 2.5 FIX debian debian sles rocky 4y ago RHSA-2022:0889: 389-ds:1.4 security and bug fix update (Low)
CVE-2021-36368 low 3.7 3.7 FIX slesdebian debian openbsd 4y ago An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to…