Lucene search

K
RedhatEnterprise Linux For Power Little Endian9.0 ppc64le

17 matches found

CVE
CVE
added 2024/07/01 1:15 p.m.5441 views

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

8.1CVSS8.5AI score0.75748EPSS
In wild
CVE
CVE
added 2023/10/03 6:15 p.m.1222 views

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...

7.8CVSS8.2AI score0.74116EPSS
In wild
CVE
CVE
added 2023/09/27 3:19 p.m.306 views

CVE-2023-5157

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

7.5CVSS7.2AI score0.00204EPSS
CVE
CVE
added 2024/10/09 3:15 p.m.298 views

CVE-2024-9675

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can...

7.8CVSS4.8AI score0.00082EPSS
CVE
CVE
added 2025/01/14 6:15 p.m.280 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

7.5CVSS7.5AI score0.01328EPSS
CVE
CVE
added 2024/02/15 5:15 a.m.258 views

CVE-2024-1488

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivi...

8CVSS7.5AI score0.00071EPSS
CVE
CVE
added 2023/11/06 7:15 a.m.253 views

CVE-2023-42669

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in th...

6.5CVSS7.7AI score0.00578EPSS
CVE
CVE
added 2023/10/23 10:15 p.m.237 views

CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user coul...

7.8CVSS6.8AI score0.00015EPSS
CVE
CVE
added 2023/12/27 4:15 p.m.191 views

CVE-2023-4641

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from t...

5.5CVSS5.8AI score0.00015EPSS
CVE
CVE
added 2024/01/31 2:15 p.m.161 views

CVE-2023-5992

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

5.9CVSS5.4AI score0.00206EPSS
CVE
CVE
added 2025/01/14 6:15 p.m.156 views

CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the d...

7.5CVSS8AI score0.00583EPSS
CVE
CVE
added 2024/10/15 4:15 p.m.148 views

CVE-2024-9676

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (--u...

6.5CVSS6.9AI score0.02669EPSS
CVE
CVE
added 2025/01/14 6:15 p.m.131 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper symli...

7.5CVSS6.5AI score0.0074EPSS
CVE
CVE
added 2023/07/24 4:15 p.m.118 views

CVE-2023-38200

A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.

7.5CVSS7.1AI score0.0021EPSS
CVE
CVE
added 2025/04/03 2:15 p.m.112 views

CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

7.4CVSS7.5AI score0.00054EPSS
CVE
CVE
added 2025/04/03 3:15 a.m.109 views

CVE-2025-2784

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

7CVSS7AI score0.00957EPSS
CVE
CVE
added 2023/08/25 5:15 p.m.104 views

CVE-2023-38201

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate ...

6.5CVSS6.4AI score0.00019EPSS