CVE-2023-46219 vulnerabilities

Vulnerabilities for packages: curl...

IBM AIX Security Vulnerabilities

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. A security vulnerability exists in IBM AIX that originated from a vulnerability that could allow an unprivileged local user to execute arbitrary commands using...

curl: cookie injection with none file

A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met...

CVE-2023-33202 vulnerabilities

Vulnerabilities for packages: gradle...

c-ares: buffer overflow in config_sortlist() due to missing string length check

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...

mariadb: server crash in JOIN_CACHE::free or in copy_fields

MariaDB v10.7 was discovered to contain an use-after-poison in in interceptormemset at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...

insights-client: unsafe handling of temporary files and directories

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local...

CVE-2023-3676

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes...

SUSE CVE-2023-21917

unknown...

SUSE CVE-2023-36799

unknown...

libvpx: crash related to VP9 encoding in libvpx

A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a w...

SUSE CVE-2023-43907

OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c...

SUSE CVE-2023-42114

Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling o...

SUSE CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

CVE-2022-3466

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10....

CVE-2023-1576

Rejected reason: This is a duplicate of an earlier CVE, CVE-2022-47069...

Moderate: Red Hat Security Advisory: Logging Subsystem 5.7.6 - Red Hat OpenShift security update

Logging Subsystem 5.7.6 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...

SUSE CVE-2023-4874

Null pointer dereference when viewing a specially crafted email in Mutt 1.5.2 2.2.12...

CVE-2023-4638

Unknown description...

SUSE CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...