Search Results (23516 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4132 4 Debian, Fedoraproject, Linux and 1 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2025-11-07 5.5 Medium
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.
CVE-2023-3772 4 Debian, Fedoraproject, Linux and 1 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2025-11-07 5.5 Medium
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.
CVE-2023-3629 2 Infinispan, Redhat 4 Infinispan, Data Grid, Jboss Data Grid and 1 more 2025-11-07 4.3 Medium
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVE-2023-3628 2 Infinispan, Redhat 4 Infinispan, Data Grid, Jboss Data Grid and 1 more 2025-11-07 6.5 Medium
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVE-2023-4061 1 Redhat 3 Enterprise Linux, Jboss Enterprise Application Platform, Wildfly Core 2025-11-07 6.5 Medium
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.
CVE-2023-4853 2 Quarkus, Redhat 21 Quarkus, Build Of Optaplanner, Build Of Quarkus and 18 more 2025-11-07 8.1 High
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
CVE-2023-5408 1 Redhat 2 Openshift, Openshift Container Platform 2025-11-07 7.2 High
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
CVE-2023-4956 1 Redhat 1 Quay 2025-11-07 6.5 Medium
A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.
CVE-2024-9683 1 Redhat 1 Quay 2025-11-07 4.8 Medium
A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement.  While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.
CVE-2023-4693 2 Gnu, Redhat 2 Grub2, Enterprise Linux 2025-11-07 5.3 Medium
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
CVE-2023-4692 2 Gnu, Redhat 2 Grub2, Enterprise Linux 2025-11-07 7.5 High
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
CVE-2024-1454 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2025-11-07 3.4 Low
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.
CVE-2023-6004 3 Fedoraproject, Libssh, Redhat 3 Fedora, Libssh, Enterprise Linux 2025-11-07 4.8 Medium
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
CVE-2023-4959 1 Redhat 1 Quay 2025-11-07 6.5 Medium
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges).
CVE-2023-3384 1 Redhat 1 Quay 2025-11-07 5.4 Medium
A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).
CVE-2025-6196 2 Gnome, Redhat 2 Libgepub, Enterprise Linux 2025-11-06 5.5 Medium
A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.
CVE-2023-43789 3 Fedoraproject, Libxpm Project, Redhat 3 Fedora, Libxpm, Enterprise Linux 2025-11-06 5.5 Medium
A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.
CVE-2023-43788 3 Fedoraproject, Redhat, X.org 3 Fedora, Enterprise Linux, Libxpm 2025-11-06 5.5 Medium
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
CVE-2023-43787 3 Fedoraproject, Redhat, X.org 3 Fedora, Enterprise Linux, Libx11 2025-11-06 7.8 High
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
CVE-2023-43786 3 Fedoraproject, Redhat, X.org 3 Fedora, Enterprise Linux, Libx11 2025-11-06 5.5 Medium
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.