Lucene search

Enterprise Linux Security Vulnerabilities - February 2023

cve

CVE-2022-3560

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for sym...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-02-02 09:22 PM

259

cve

CVE-2022-4254

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

8.8CVSS

8.4AI Score

0.004EPSS

2023-02-01 05:15 PM

239

cve

CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to s...

7.4CVSS

7.3AI Score

0.002EPSS

2023-02-15 06:15 PM

184

cve

CVE-2023-1095

In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.

5.5CVSS

5.5AI Score

0.0004EPSS

2023-02-28 11:15 PM

157