cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-01-18
Updated
2024-03-07
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-01-18
Updated
2024-03-07
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Max CVSS
7.5
EPSS Score
3.66%
Published
2024-02-14
Updated
2024-03-07

CVE-2023-44487

Known exploited
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Max CVSS
7.5
EPSS Score
70.59%
Published
2023-10-10
Updated
2024-02-02
CISA KEV Added
2023-10-10
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-07-14
Updated
2023-12-29
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-07-14
Updated
2023-12-29
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-07-10
Updated
2023-07-18
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-07-10
Updated
2023-07-19
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-30
Updated
2023-08-31
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
Max CVSS
9.8
EPSS Score
0.39%
Published
2023-05-30
Updated
2023-08-31
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-05-30
Updated
2024-02-22
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
Max CVSS
6.2
EPSS Score
0.06%
Published
2023-07-10
Updated
2023-08-13

CVE-2023-32373

Known exploited
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Max CVSS
8.8
EPSS Score
0.11%
Published
2023-06-23
Updated
2024-01-05
CISA KEV Added
2023-05-22
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
Max CVSS
6.2
EPSS Score
0.06%
Published
2023-07-10
Updated
2023-07-19
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
Max CVSS
4.3
EPSS Score
0.11%
Published
2023-11-16
Updated
2024-01-11
Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
Max CVSS
7.5
EPSS Score
0.97%
Published
2023-11-03
Updated
2024-02-12
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.
Max CVSS
7.1
EPSS Score
0.04%
Published
2023-08-16
Updated
2024-01-12
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
Max CVSS
7.1
EPSS Score
0.06%
Published
2023-09-25
Updated
2023-09-26
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-07-11
Updated
2023-10-10
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.
Max CVSS
3.3
EPSS Score
0.05%
Published
2023-06-06
Updated
2023-11-30
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-05-08
Updated
2023-05-15
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-05-26
Updated
2023-06-02
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Max CVSS
6.5
EPSS Score
0.13%
Published
2023-08-11
Updated
2023-08-27
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-06-16
Updated
2023-05-22
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-06-16
Updated
2023-05-22
488 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!