VIR Vulnerability Intelligence Relay

Search

Found 3,836 results in 1787ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2024-45491 critical 9.8 9.8 FIX rhel rockydebian debian libexpat_project 2y ago RHSA-2024:8859: xmlrpc-c security update (Moderate)
CVE-2024-45159 critical 9.8 9.8 FIX debian debian trustedfirmware 2y ago An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in…
CVE-2024-45158 critical 9.8 9.8 FIX debian debian trustedfirmware 2y ago An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest…
CVE-2024-37371 critical 9.1 9.1 FIX rhelarch arch rocky mit 2y ago RHSA-2025:1673: mysql:8.0 security update (Important)
CVE-2024-35845 critical 9.1 9.1 FIX rhel rocky sles 2y ago Important: kernel security update
CVE-2024-3596 critical 9.0 9.0 FIX rhel rockydebian debian freeradiusbroadcom 2y ago RHSA-2024:8860: krb5 security update (Important)
CVE-2024-4418 low 2.5 FIX rhel rocky sles 2y ago RHSA-2024:4351: virt:rhel and virt-devel:rhel security and bug fix update (Low)
CVE-2024-4032 low 2.5 FIX rhel rocky sles 2y ago Low: python3 security update
CVE-2024-35960 critical 9.1 9.1 FIX rhel rocky sles 2y ago Moderate: kernel security and bug fix update
CVE-2023-2953 low 2.5 FIX rocky slesdebian debian 2y ago RHSA-2024:4264: openldap security update (Low)
CVE-2024-5629 low 2.5 FIX rocky slesdebian debian 2y ago RHSA-2025:8419: python36:3.6 security update (Low)
CVE-2020-21710 low 2.5 FIX slesdebian debian rocky 2y ago RHSA-2024:2966: ghostscript security update (Low)
CVE-2024-35935 low 3.3 3.3 FIX slesdebian debian linux-kernel 2y ago In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path …
CVE-2024-35176 low 2.5 FIX rocky slesdebian debian 2y ago RHSA-2024:5338: pcs security update (Low)
CVE-2024-25629 low 2.5 FIX rheldebian debian rocky 2y ago RHSA-2024:4249: c-ares security update (Low)
CVE-2024-27053 critical 9.1 9.1 FIX slesdebian debian linux-kernel 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to th…
CVE-2023-6918 low 2.5 FIX rhel rocky sles 2y ago RHSA-2024:3233: libssh security update (Low)
CVE-2023-6004 low 2.5 FIX rhel rocky sles 2y ago RHSA-2024:3233: libssh security update (Low)
CVE-2023-52620 low 2.5 2.5 FIX rhel rocky sles 2y ago Important: kernel security, bug fix, and enhancement update
CVE-2023-3817 low 2.5 FIX rocky rhel sles 2y ago RHSA-2023:7877: openssl security update (Low)
CVE-2023-3446 low 2.5 FIX rocky rhel sles 2y ago RHSA-2024:0888: edk2 security update (Low)
CVE-2023-32636 low 2.5 FIX rhel slesdebian debian 2y ago Low: mingw-glib2 security update
CVE-2023-2975 low 2.5 FIX rhel slesdebian debian 2y ago Low: openssl and openssl-fips-provider security update
CVE-2023-1729 low 2.5 FIX rhel slesdebian debian 2y ago Low: LibRaw security update
CVE-2022-48554 low 2.5 FIX rheldebian debian rocky 2y ago File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
CVE-2024-3864 low 2.5 FIX rhel rockydebian debian 2y ago Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited…
CVE-2024-3861 low 2.5 FIX rhel rockydebian debian 2y ago If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 11…
CVE-2024-3859 low 2.5 FIX rhel rockydebian debian 2y ago On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox E…
CVE-2024-3857 low 2.5 FIX rhel rockydebian debian 2y ago The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, …
CVE-2024-3854 low 2.5 FIX rhel rockydebian debian 2y ago In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 11…
CVE-2024-3852 low 2.5 FIX rhel rockydebian debian 2y ago GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3302 low 2.5 FIX rhel rockydebian debian 2y ago There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firef…
CVE-2024-2609 low 2.5 FIX rhel rockydebian debian 2y ago The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR …
CVE-2024-3566 critical 9.8 9.8 FIX debian debian haskellnodejsphp 2y ago A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
CVE-2024-30166 critical 9.1 9.1 FIX debian debian trustedfirmware 2y ago In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 serv…
CVE-2024-28085 low 3.3 3.3 FIX slesdebian debian kernel 2y ago wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from …
CVE-2024-29944 critical 9.5 FIX rhel rockydebian debian 2y ago An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, …
CVE-2024-2616 critical 9.5 FIX rhel rockydebian debian 2y ago RHSA-2024:1484: firefox security update (Critical)
CVE-2024-27304 critical 9.8 9.8 FIX debian debian jackc 2y ago pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message si…
CVE-2024-2408 low 2.5 FIX rocky slesdebian debian 3y ago RHSA-2023:7877: openssl security update (Low)
CVE-2023-47359 critical 9.8 9.8 FIX debian debian videolan 3y ago Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
CVE-2023-4641 low 2.5 FIX rhel slesdebian debian 3y ago Low: shadow-utils security and bug fix update
CVE-2023-4016 low 2.5 FIX rhel rocky sles 3y ago RHSA-2023:7187: procps-ng security update (Low)
CVE-2023-32665 low 2.5 FIX rhel slesdebian debian 3y ago Low: glib2 security and bug fix update
CVE-2023-32611 low 2.5 FIX rhel slesdebian debian 3y ago Low: glib2 security and bug fix update
CVE-2023-32573 low 2.5 FIX rhel slesdebian debian 3y ago In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CVE-2023-2977 low 2.5 FIX rhel slesdebian debian 3y ago RHSA-2023:7160: opensc security and bug fix update (Low)
CVE-2023-29499 low 2.5 FIX rhel slesdebian debian 3y ago Low: glib2 security and bug fix update
CVE-2023-22745 low 2.5 FIX rhel slesdebian debian 3y ago RHSA-2023:7166: tpm2-tss security and enhancement update (Low)
CVE-2021-43618 low 2.5 FIX rhelarch arch sles 3y ago Low: gmp security and enhancement update
CVE-2021-3826 low 2.5 FIX rheldebian debian sles 3y ago Low: gdb security update
CVE-2023-46848 critical 9.5 FIX rhel sles rocky 3y ago Critical: squid security update
CVE-2023-46847 critical 9.5 FIX rhel rocky sles 3y ago RHSA-2023:7213: squid:4 security update (Critical)
CVE-2023-46846 critical 9.5 FIX rhel rocky sles 3y ago RHSA-2023:7213: squid:4 security update (Critical)
CVE-2023-38546 low 3.7 3.7 FIX rhelarch arch rocky haxx 3y ago This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application crea…
CVE-2023-38545 critical 9.8 9.8 FIX rhelarch archdebian debian haxxnetapp 3y ago This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it…
CVE-2023-45853 critical 9.5 FIX arch arch slesdebian debian 3y ago pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
CVE-2023-45199 critical 9.8 9.8 FIX debian debian trustedfirmware 3y ago Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.
CVE-2023-22049 low 3.7 3.7 FIX rhel rocky sles 3y ago Moderate: java-1.8.0-openjdk security and bug fix update
CVE-2023-22045 low 3.7 3.7 FIX rhel rocky sles 3y ago Moderate: java-1.8.0-openjdk security and bug fix update
CVE-2023-22036 low 3.7 3.7 FIX rhel slesdebian debian 3y ago RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate)
CVE-2023-22006 low 3.1 3.1 FIX rhel slesdebian debian 3y ago RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate)
CVE-2023-29405 critical 9.5 FIX rheldebian debian rocky 3y ago RHSA-2023:3922: go-toolset:rhel8 security update (Critical)
CVE-2023-29404 critical 9.5 FIX rheldebian debian rocky 3y ago RHSA-2023:3922: go-toolset:rhel8 security update (Critical)
CVE-2023-29403 critical 9.5 FIX rheldebian debian rocky 3y ago RHSA-2023:3922: go-toolset:rhel8 security update (Critical)
CVE-2023-29402 critical 9.5 FIX rheldebian debian rocky 3y ago RHSA-2023:3922: go-toolset:rhel8 security update (Critical)
CVE-2023-20867 low 4.0 KEVFIX rhel rocky sles 3y ago VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the…
CVE-2016-9079 critical 10.0 KEVEXPFIX arch arch slesdebian debian 3y ago Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
CVE-2022-43552 low 2.5 FIX rheldebian debian sles 3y ago A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operat…
CVE-2022-36227 low 2.5 FIX rocky rhel sles 3y ago RHSA-2023:3018: libarchive security update (Low)
CVE-2022-35252 low 2.5 FIX rheldebian debian sles 3y ago When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. …
CVE-2022-28805 low 2.5 FIX rhel slesdebian debian 3y ago Low: lua security update
CVE-2022-1615 low 2.5 FIX rhel slesdebian debian 3y ago RHSA-2023:2987: samba security, bug fix, and enhancement update (Low)
CVE-2023-21968 low 3.7 3.7 FIX rhel rocky sles oraclenetapp 3y ago RHSA-2023:4103: java-1.8.0-ibm security update (Important)
CVE-2022-41862 low 2.5 FIX rhel rocky sles 3y ago RHSA-2023:7016: libpq security update (Low)
CVE-2023-28531 critical 9.8 9.8 FIX debian debian openbsd 3y ago ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
CVE-2022-46393 critical 9.8 9.8 FIX slesdebian debianfedora fedora armtrustedfirmware 4y ago An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is en…
CVE-2022-45047 critical 9.8 9.8 FIX debian debian apache 4y ago Unsafe deserialization in Apache MINA SSHD
CVE-2022-2990 low 2.5 FIX rhel rocky sles 4y ago RHSA-2022:7822: container-tools:rhel8 security, bug fix, and enhancement update (Low)
CVE-2022-24736 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7541: redis:6 security, bug fix, and enhancement update (Low)
CVE-2022-24735 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7541: redis:6 security, bug fix, and enhancement update (Low)
CVE-2022-23645 low 2.5 FIX rhel rockydebian debian 4y ago RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low)
CVE-2022-2211 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low)
CVE-2022-1122 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7645: openjpeg2 security update (Low)
CVE-2022-0897 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low)
CVE-2021-46195 low 2.5 FIX rheldebian debian sles 4y ago Low: mingw-gcc security and bug fix update
CVE-2021-44269 low 2.5 FIX rhel sles rocky 4y ago RHSA-2022:7558: wavpack security update (Low)
CVE-2021-3507 low 2.5 FIX rhel sles rocky 4y ago A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers fr…
CVE-2020-23903 low 2.5 FIX rhelarch arch sles 4y ago Low: speex security update
CVE-2022-39399 low 3.7 3.7 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate)
CVE-2022-21624 low 3.7 3.7 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2023:0128: java-1.8.0-ibm security update (Moderate)
CVE-2022-21619 low 3.7 3.7 FIX rhel sles rocky oraclenetappazul 4y ago RHSA-2023:0128: java-1.8.0-ibm security update (Moderate)
CVE-2022-3358 low 3.5 EXPFIX rhel slesdebian debian 4y ago Low: openssl security and bug fix update
CVE-2020-26269 critical 9.5 FIX arch archdebian debian 4y ago In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the direc…
CVE-2022-39269 critical 9.1 9.1 FIX debian debian teluu 4y ago PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SR…
CVE-2021-41556 critical 10.0 10.0 debian debianfedora fedora squirrel-lang 4y ago sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel …
CVE-2022-35409 critical 9.1 9.1 FIX debian debian armtrustedfirmware 4y ago An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap…
CVE-2022-32224 critical 9.8 9.8 FIX rocky slesdebian debian activerecord_project 4y ago Active Record RCE bug with Serialized Columns
CVE-2022-34835 critical 9.8 9.8 FIX slesdebian debian denx 4y ago In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md …
CVE-2020-13950 low 2.5 FIX debian debianarch arch sles 4y ago Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, le…