Enterprise Linux Security Vulnerabilities
A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of...
5.3CVSS
5.1AI Score
0.001EPSS
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379...
6.5CVSS
6.1AI Score
0.002EPSS
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the...
7.8CVSS
7.2AI Score
0.0004EPSS
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel...
6.7CVSS
6.5AI Score
0.0004EPSS
6.2CVSS
5.2AI Score
0.0004EPSS
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...
4.7CVSS
4.6AI Score
0.0004EPSS
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer...
4.3CVSS
4.8AI Score
0.003EPSS
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original...
3.3CVSS
6.1AI Score
0.0004EPSS
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other...
3.3CVSS
4AI Score
0.0004EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code...
9.8CVSS
9.3AI Score
0.003EPSS
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS...
5.4CVSS
5AI Score
0.001EPSS
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning...
5.3CVSS
7AI Score
0.001EPSS
6.1CVSS
7.3AI Score
0.001EPSS
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to...
5.3CVSS
5AI Score
0.001EPSS
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR...
6.5CVSS
6.8AI Score
0.001EPSS
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and...
8.8CVSS
8.7AI Score
0.002EPSS
Students in "Only see own membership" groups could see other students in the group, which should be...
4.3CVSS
4.4AI Score
0.001EPSS
H5P metadata automatically populated the author with the user's username, which could be sensitive...
5.3CVSS
5.1AI Score
0.001EPSS
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and...
8.8CVSS
9.3AI Score
0.002EPSS
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value....
7.5CVSS
6.2AI Score
0.0004EPSS
A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device...
5.5CVSS
5.8AI Score
0.0004EPSS
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the...
6.5CVSS
5.9AI Score
0.001EPSS
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive...
7.5CVSS
6.4AI Score
0.001EPSS
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to...
4.5CVSS
4.3AI Score
0.001EPSS
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...
6.4CVSS
6.3AI Score
0.0004EPSS
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock...
6.6CVSS
6.2AI Score
0.001EPSS
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service...
6CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
6.5CVSS
6.4AI Score
0.001EPSS
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1)...
7CVSS
7.1AI Score
0.0004EPSS
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates.....
9.8CVSS
9.1AI Score
0.002EPSS
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the...
7CVSS
6.7AI Score
0.001EPSS
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest...
8.6CVSS
7.8AI Score
0.03EPSS
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only...
6.5CVSS
6.2AI Score
0.002EPSS
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native...
8.6CVSS
7.3AI Score
0.014EPSS
Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements...
7.5CVSS
7.3AI Score
0.005EPSS
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example,...
6.5CVSS
6.1AI Score
0.001EPSS
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the...
8.1CVSS
8.4AI Score
0.001EPSS
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security...
9.3CVSS
6.1AI Score
0.003EPSS
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of...
6CVSS
5.9AI Score
0.0004EPSS
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of...
5.5CVSS
5.8AI Score
0.0004EPSS
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of...
5.5CVSS
5.2AI Score
0.0004EPSS
NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of...
6.5CVSS
5.7AI Score
0.0004EPSS
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name()...
6.2CVSS
5.3AI Score
0.0004EPSS
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer...
6.2CVSS
5.5AI Score
0.001EPSS
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label()...
6.2CVSS
5.3AI Score
0.0004EPSS
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse()...
6.2CVSS
5.3AI Score
0.0004EPSS
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name...
6.2CVSS
5.3AI Score
0.0004EPSS
6.2CVSS
5.2AI Score
0.0004EPSS
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff...
5.5CVSS
5AI Score
0.0004EPSS
A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel...
7CVSS
5.8AI Score
0.0004EPSS