A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Source: Red Hat, Inc.
Max CVSS
8.3
EPSS Score
0.04%
Published
2024-05-09
Updated
2024-06-12
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.
Source: Red Hat, Inc.
Max CVSS
8.2
EPSS Score
0.05%
Published
2024-04-09
Updated
2024-04-18
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
Source: Red Hat, Inc.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-05-28
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
Source: Red Hat, Inc.
Max CVSS
8.6
EPSS Score
0.05%
Published
2024-03-18
Updated
2024-05-24
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
Source: Red Hat, Inc.
Max CVSS
8.0
EPSS Score
0.05%
Published
2024-02-15
Updated
2024-05-08
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
Source: Red Hat, Inc.
Max CVSS
8.6
EPSS Score
1.36%
Published
2023-11-03
Updated
2023-12-14
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
Source: Red Hat, Inc.
Max CVSS
8.6
EPSS Score
3.03%
Published
2023-11-03
Updated
2024-02-16
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
Source: Red Hat, Inc.
Max CVSS
8.3
EPSS Score
2.52%
Published
2024-01-25
Updated
2024-06-10
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
Source: Red Hat, Inc.
Max CVSS
8.8
EPSS Score
0.15%
Published
2023-08-11
Updated
2024-02-16
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.
Source: Red Hat, Inc.
Max CVSS
8.2
EPSS Score
0.05%
Published
2023-10-04
Updated
2024-01-25

CVE-2023-32373

Known exploited
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.11%
Published
2023-06-23
Updated
2024-01-05
CISA KEV Added
2023-05-22
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
Source: Red Hat, Inc.
Max CVSS
8.8
EPSS Score
1.45%
Published
2023-12-10
Updated
2024-01-25
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
Source: Red Hat, Inc.
Max CVSS
8.8
EPSS Score
2.51%
Published
2023-11-01
Updated
2024-06-18
This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.
Source: Red Hat, Inc.
Max CVSS
8.2
EPSS Score
0.04%
Published
2023-09-13
Updated
2023-12-28
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Source: Red Hat, Inc.
Max CVSS
8.8
EPSS Score
0.13%
Published
2023-05-17
Updated
2023-05-25
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Source: Red Hat, Inc.
Max CVSS
8.6
EPSS Score
0.06%
Published
2023-03-06
Updated
2024-01-05
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Source: Red Hat, Inc.
Max CVSS
8.8
EPSS Score
0.15%
Published
2023-02-01
Updated
2023-05-29
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.
Source: Red Hat, Inc.
Max CVSS
8.0
EPSS Score
0.28%
Published
2022-08-18
Updated
2022-12-02
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
Source: Red Hat, Inc.
Max CVSS
8.6
EPSS Score
0.29%
Published
2022-08-31
Updated
2022-09-06
A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code.
Source: Red Hat, Inc.
Max CVSS
8.2
EPSS Score
0.04%
Published
2022-06-21
Updated
2022-08-18
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Source: Red Hat, Inc.
Max CVSS
8.8
EPSS Score
0.29%
Published
2022-04-29
Updated
2022-07-23
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the "xa.metadata" key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the *actual* metadata, from the "metadata" file to ensure it wasn't lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from *before* the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata.
Source: GitHub, Inc.
Max CVSS
8.6
EPSS Score
0.17%
Published
2022-01-12
Updated
2023-12-23
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Source: MITRE
Max CVSS
8.1
EPSS Score
0.85%
Published
2021-08-27
Updated
2023-05-30
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: Red Hat, Inc.
Max CVSS
8.8
EPSS Score
0.70%
Published
2021-06-01
Updated
2023-01-31
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
Source: Red Hat, Inc.
Max CVSS
8.1
EPSS Score
0.20%
Published
2022-03-04
Updated
2023-01-31
100 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!