Lucene search
K
RedhatCodeready Linux Builder Eus

20 matches found

CVE
CVE
added 2023/10/03 5:25 p.m.1379 views

CVE-2023-4911

CVE-2023-4911 is a buffer overflow in the GNU C Library ld.so when processing GLIBC_TUNABLES, enabling local privilege escalation via malicious GLIBC_TUNABLES values when launching binaries with SUID. Affected: glibc, with versions older than 2.38-6 (per CBLMARINER:34733) and older listings notin...

7.8CVSS8.2AI score0.81422EPSS
In wild
CVE
CVE
added 2023/03/06 12:0 a.m.1282 views

CVE-2019-8720

CVE-2019-8720 is a WebKit-based memory-corruption vulnerability affecting WebKitGTK/WebKit2GTK components. Public sources in the Connected Documents identify arbitrary-code-execution potential when processing malicious web content (WebKitGTK/WebKit2GTK). Debian’s security advisory lists CVE-2019-...

8.8CVSS8.8AI score0.01543EPSS
In wild
CVE
CVE
added 2023/12/10 5:56 p.m.1141 views

CVE-2023-5869

CVE-2023-5869 (PostgreSQL) : A flaw in PostgreSQL enables authenticated database users to execute arbitrary code via missing overflow checks during SQL array value modification, caused by an integer overflow when modifying arrays. The described impact includes arbitrary write/read of memory and p...

8.8CVSS9.2AI score0.04322EPSS
CVE
CVE
added 2023/09/18 4:32 p.m.860 views

CVE-2023-4527

CVE-2023-4527 concerns a flaw in the GNU C Library (glibc) where, when getaddrinfo is called with AF_UNSPEC and no-aaaa mode is set (via /etc/resolv.conf), a DNS TCP response larger than 2048 bytes could disclose stack contents in the returned address data and may crash the application. The issue...

6.5CVSS7.2AI score0.01508EPSS
CVE
CVE
added 2023/12/10 5:56 p.m.725 views

CVE-2023-5868

CVE-2023-5868 affects PostgreSQL memory handling via certain aggregate calls with unknown-type arguments, allowing remote access to parts of server memory through excessive output in aggregates. The issue is documented across multiple vendors' advisories, with remediation generally involving upgr...

4.3CVSS6.8AI score0.02775EPSS
CVE
CVE
added 2019/11/14 6:19 p.m.642 views

CVE-2019-11135

CVE-2019-11135 is a TSX Transactional Synchronization Extensions-related vulnerability in Intel CPUs causing potential information disclosure via a side channel when TSX Acknowledges an abort. The connected documents describe a subsequent issue (CVE-2019-19338) in the fix path for CVE-2019-11135 ...

6.5CVSS6.4AI score0.03133EPSS
CVE
CVE
added 2023/09/18 4:33 p.m.620 views

CVE-2023-4806

CVE-2023-4806 affects glibc’s getaddrinfo in an extremely rare NSS module configuration where only certain nss * gethostbyname2_r/getcanonname_r hooks are implemented and the _gethostbyname3_r hook is missing. The flaw can cause getaddrinfo to access memory that has been freed, potentially crashi...

5.9CVSS6.3AI score0.01439EPSS
CVE
CVE
added 2023/12/10 5:58 p.m.581 views

CVE-2023-5870

Summary (CVE-2023-5870) : PostgreSQL vulnerability where the pg_cancel_backend role can signal background workers (including the autovacuum launcher and logical replication launcher). The underlying issue is that signaling is possible for non-core extensions with less-resilient background workers...

4.4CVSS6.4AI score0.02555EPSS
CVE
CVE
added 2022/03/25 12:0 a.m.573 views

CVE-2022-0435

CVE-2022-0435 is a Linux kernel TIPc stack overflow issue. The vulnerability occurs in TIPc domain record handling when a peer sends a domain with more than 64 members, enabling a remote attacker with access to the TIPc network to crash the system and potentially escalate privileges. Connected ad...

9CVSS9AI score0.67994EPSS
CVE
CVE
added 2022/03/25 12:0 a.m.493 views

CVE-2022-0330

CVE-2022-0330 affects the Linux kernel i915 GPU driver. The root cause is a missing GPU TLB flush in the i915 driver, enabling a local attacker to cause a denial of service or privilege escalation by running code on the GPU. Public documents from connected sources confirm the flaw and its associa...

7.8CVSS7.7AI score0.00379EPSS
CVE
CVE
added 2019/11/25 10:51 a.m.487 views

CVE-2019-14815

CVE-2019-14815 is a Linux kernel issue in the Marvell Mwifiex WiFi driver, described in the connected F5 advisory as a heap overflow in mwifiex_set_wmm_params(). The initial document also notes a heap overflow in this driver. The provided sources do not include explicit exploit details, affected ...

7.8CVSS8.6AI score0.00488EPSS
CVE
CVE
added 2022/03/03 6:24 p.m.357 views

CVE-2021-3609

CVE-2021-3609 is a local privilege-escalation flaw in the Linux kernel CAN BCM subsystem. A race in net/can/bcm.c between bcm_rx_handler() and bcm_release() can free bcm_op/bcm_sock structures while the handler runs, enabling use-after-free and root access. Public advisories consistently describe...

7CVSS7.2AI score0.00431EPSS
CVE
CVE
added 2022/03/04 3:55 p.m.307 views

CVE-2021-3744

CVE-2021-3744 is a memory-leak DoS in the Linux kernel: the flaw occurs in the ccp_run_aes_gcm_cmd() function (drivers/crypto/ccp/ccp-ops.c), allowing memory consumption-based denial of service. Connected advisories (Astra Linux and Amazon Linux 2 kernel updates) confirm the same root cause and n...

5.5CVSS6AI score0.00533EPSS
CVE
CVE
added 2024/02/15 5:4 a.m.302 views

CVE-2024-1488

CVE-2024-1488 affects Unbound where the default permissions allow a local attacker outside the unbound group to alter the running resolver via localhost:8953. The impact can include changing forwarders, monitoring queries, or disrupting resolution. Remediation guidance appears in the MiracleLinux...

8CVSS7.5AI score0.00318EPSS
CVE
CVE
added 2024/02/07 9:4 p.m.299 views

CVE-2023-6535

CVE-2023-6535 affects the Linux kernel NVMe driver. A crafted TCP packet sequence over NVMe over TCP may cause a NULL pointer dereference in the NVMe driver, leading to a kernel panic and denial of service. Connected documents confirm the same vulnerability text and its presence in multiple advis...

7.5CVSS6.9AI score0.01549EPSS
CVE
CVE
added 2023/10/23 9:58 p.m.288 views

CVE-2023-5633

CVE-2023-5633 is documented in an IBM QRadar SIEM bulletin as a Linux Kernel use-after-free vulnerability: a memory-management flaw in handling memory objects for GEM objects can allow a local, authenticated attacker to gain elevated privileges within a VM with 3D acceleration (VMware guest). The...

7.8CVSS6.8AI score0.00282EPSS
CVE
CVE
added 2024/02/07 9:5 p.m.284 views

CVE-2023-6536

CVE-2023-6536 is a Linux kernel NVMe over TCP issue. The connected documents confirm a NULL pointer dereference in the NVMe target (nvmet_tcp_build_iovec and related paths) that could cause a kernel panic and denial of service. Affected software is the Linux kernel’s NVMe over TCP stack (nvmet_tc...

7.5CVSS6.9AI score0.01537EPSS
CVE
CVE
added 2024/02/07 9:4 p.m.272 views

CVE-2023-6356

CVE-2023-6356 is a Linux kernel vulnerability in the NVMe driver affecting NVMe over TCP. The connected Nessus entries enumerate the issue as a NULL pointer dereference in the NVMe target path (nvmet_tcp_build_iovec/nvmet_tcp_execute_request/__nvmet_req_complete), which can lead to kernel panic a...

7.5CVSS7AI score0.01448EPSS
CVE
CVE
added 2024/04/18 7:6 p.m.202 views

CVE-2023-3758

CVE-2023-3758 affects the System Security Services Daemon (SSSD). A race condition causes GPO policy to be inconsistently applied for authenticated users, leading to improper authorization (granting or denying access). Publicly referenced advisories confirm this issue across multiple distribution...

7.1CVSS5.9AI score0.01033EPSS
CVE
CVE
added 2025/02/27 3:28 p.m.65 views

CVE-2025-1756

CVE-2025-1756 reports a local privilege escalation in mongosh when a crafted file is stored under C:\node_modules, affecting mongosh versions prior to 2.3.0. The vulnerability is described consistently across sources (NVD, MONGODB advisories, OSV, Nessus/NASL) as local, with low privileges requir...

7.8CVSS7.5AI score0.00138EPSS