| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-33203 |
362 |
|
|
2023-05-18 |
2023-05-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. |
|
2 |
CVE-2023-32573 |
369 |
|
|
2023-05-10 |
2023-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. |
|
3 |
CVE-2023-32233 |
416 |
|
|
2023-05-08 |
2023-05-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. |
|
4 |
CVE-2023-28328 |
476 |
|
DoS |
2023-04-19 |
2023-05-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. |
|
5 |
CVE-2023-28327 |
476 |
|
DoS |
2023-04-19 |
2023-04-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. |
|
6 |
CVE-2023-27561 |
706 |
|
|
2023-03-03 |
2023-04-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. |
|
7 |
CVE-2023-2700 |
401 |
|
|
2023-05-15 |
2023-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. |
|
8 |
CVE-2023-2513 |
416 |
|
|
2023-05-08 |
2023-05-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. |
|
9 |
CVE-2023-2491 |
77 |
|
Exec Code |
2023-05-17 |
2023-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. |
|
10 |
CVE-2023-2295 |
|
|
Exec Code |
2023-05-17 |
2023-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. |
|
11 |
CVE-2023-2203 |
416 |
|
DoS Exec Code |
2023-05-17 |
2023-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. |
|
12 |
CVE-2023-2194 |
787 |
|
Exec Code |
2023-04-20 |
2023-05-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. |
|
13 |
CVE-2023-1729 |
787 |
|
Overflow |
2023-05-15 |
2023-05-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. |
|
14 |
CVE-2023-1513 |
665 |
|
+Info |
2023-03-23 |
2023-05-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. |
|
15 |
CVE-2023-1380 |
125 |
|
DoS |
2023-03-27 |
2023-05-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. |
|
16 |
CVE-2023-1289 |
20 |
|
DoS |
2023-03-23 |
2023-03-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. |
|
17 |
CVE-2023-1095 |
476 |
|
|
2023-02-28 |
2023-03-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. |
|
18 |
CVE-2023-1073 |
787 |
|
Mem. Corr. |
2023-03-27 |
2023-05-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. |
|
19 |
CVE-2023-0778 |
367 |
|
|
2023-03-27 |
2023-04-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system. |
|
20 |
CVE-2023-0664 |
269 |
|
|
2023-03-29 |
2023-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. |
|
21 |
CVE-2023-0494 |
416 |
|
Exec Code |
2023-03-27 |
2023-03-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. |
|
22 |
CVE-2023-0361 |
203 |
|
|
2023-02-15 |
2023-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. |
|
23 |
CVE-2022-41862 |
|
|
|
2023-03-03 |
2023-04-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. |
|
24 |
CVE-2022-35653 |
79 |
|
Exec Code XSS |
2022-07-25 |
2022-07-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users. |
|
25 |
CVE-2022-34303 |
|
|
Exec Code Bypass |
2022-08-26 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. |
|
26 |
CVE-2022-34302 |
|
|
Exec Code Bypass |
2022-08-26 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. |
|
27 |
CVE-2022-34301 |
|
|
Exec Code Bypass |
2022-08-26 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. |
|
28 |
CVE-2022-27666 |
787 |
|
Overflow |
2022-03-23 |
2023-02-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. |
|
29 |
CVE-2022-27651 |
276 |
|
|
2022-04-04 |
2022-09-03 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. |
|
30 |
CVE-2022-27650 |
276 |
|
|
2022-04-04 |
2022-11-28 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. |
|
31 |
CVE-2022-27649 |
276 |
|
|
2022-04-04 |
2022-07-22 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. |
|
32 |
CVE-2022-25310 |
119 |
|
DoS Overflow |
2022-09-06 |
2023-02-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. |
|
33 |
CVE-2022-25309 |
122 |
|
DoS Overflow |
2022-09-06 |
2023-02-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service. |
|
34 |
CVE-2022-25308 |
121 |
|
DoS Overflow |
2022-09-06 |
2023-02-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. |
|
35 |
CVE-2022-23645 |
125 |
|
|
2022-02-18 |
2022-03-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. |
|
36 |
CVE-2022-21682 |
22 |
|
Dir. Trav. |
2022-01-13 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`. |
|
37 |
CVE-2022-4904 |
20 |
|
DoS Overflow |
2023-03-06 |
2023-05-22 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. |
|
38 |
CVE-2022-4285 |
476 |
|
DoS |
2023-01-27 |
2023-05-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. |
|
39 |
CVE-2022-4283 |
416 |
|
Exec Code |
2022-12-14 |
2023-02-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. |
|
40 |
CVE-2022-4254 |
90 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters |
|
41 |
CVE-2022-4144 |
125 |
|
DoS |
2022-11-29 |
2023-03-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. |
|
42 |
CVE-2022-3821 |
193 |
|
DoS |
2022-11-08 |
2023-05-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. |
|
43 |
CVE-2022-3775 |
787 |
|
Exec Code Mem. Corr. |
2022-12-19 |
2022-12-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. |
|
44 |
CVE-2022-3707 |
415 |
|
|
2023-03-06 |
2023-05-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. |
|
45 |
CVE-2022-3560 |
22 |
|
+Priv Dir. Trav. |
2023-02-02 |
2023-02-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. |
|
46 |
CVE-2022-2990 |
842 |
|
Exec Code |
2022-09-13 |
2023-02-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. |
|
47 |
CVE-2022-2989 |
842 |
|
Exec Code |
2022-09-13 |
2023-02-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. |
|
48 |
CVE-2022-2964 |
119 |
|
Overflow |
2022-09-09 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. |
|
49 |
CVE-2022-2963 |
401 |
|
|
2022-10-14 |
2022-10-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. |
|
50 |
CVE-2022-2938 |
416 |
|
Mem. Corr. |
2022-08-23 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. |
