CVE-2026-1709

all versions

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (T

9.4CRITICAL

CVE-2025-13601

all versions

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string(

7.7HIGH

CVE-2025-6021

all versions

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-base

7.5HIGH

CVE-2025-3155

all versions

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerabilit

7.4HIGH

CVE-2025-2784

all versions

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_white

7.0HIGH

CVE-2024-12088

all versions

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link dest

6.5MEDIUM

CVE-2024-12087

all versions

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled

6.5MEDIUM

CVE-2024-12085

all versions

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate

7.5HIGH

CVE-2024-9676

all versions

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can c

6.5MEDIUM

CVE-2024-9675

all versions

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our

7.8HIGH

CVE-2024-6387

all versions

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to

8.1HIGH

CVE-2023-3758

all versions

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to

7.1HIGH

CVE-2022-24809

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only

6.5MEDIUM

CVE-2022-24808

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write

6.5MEDIUM

CVE-2022-24807

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a S

6.5MEDIUM

CVE-2022-24806

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write

6.5MEDIUM

CVE-2022-24805

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in t

6.5MEDIUM

CVE-2023-7250

all versions

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning clien

5.3MEDIUM

CVE-2024-1488

all versions

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modif

8.0HIGH

CVE-2023-6681

all versions

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible passwor

5.3MEDIUM

CVE-2023-5992

all versions

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This iss

5.6MEDIUM

CVE-2024-1086

all versions

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege es

7.8HIGH

CVE-2024-0409

all versions

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It u

7.8HIGH

CVE-2024-0408

all versions

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabe

5.5MEDIUM

CVE-2023-5455

all versions

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows

6.5MEDIUM

CVE-2023-4641

all versions

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on t

4.7MEDIUM

CVE-2023-5870

all versions

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replica

2.2LOW

CVE-2023-5869

all versions

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks

8.8HIGH

CVE-2023-5868

all versions

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting c

4.3MEDIUM

CVE-2023-42669

all versions

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack ele

6.5MEDIUM

CVE-2023-1476

all versions

A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs d

7.0HIGH

CVE-2023-46847

all versions

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of a

8.6HIGH

CVE-2023-46846

all versions

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Res

9.3CRITICAL

CVE-2023-3972

all versions

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of

7.8HIGH

CVE-2023-5367

all versions

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset

7.8HIGH

CVE-2023-5633

all versions

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way m

7.8HIGH

CVE-2023-4911

all versions

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment varia

7.8HIGH

CVE-2023-4732

all versions

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a lo

4.7MEDIUM

CVE-2023-5157

all versions

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a deni

7.5HIGH

CVE-2023-4806

all versions

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been free

5.9MEDIUM

CVE-2023-4527

all versions

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured

6.5MEDIUM

CVE-2023-4813

all versions

A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resultin

5.9MEDIUM

CVE-2023-38201

all versions

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration.

6.5MEDIUM

CVE-2023-4042

all versions

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it wa

5.5MEDIUM

CVE-2023-3899

all versions

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bu

7.8HIGH

CVE-2023-38200

all versions

A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against

7.5HIGH

CVE-2023-0494

all versions

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by

7.8HIGH

CVE-2019-8720

all versions

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitr

8.8HIGH

CVE-2022-4254

all versions

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

8.8HIGH

CVE-2021-3697

all versions

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap.

7.0HIGH

CVE-2021-3696

all versions

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in

4.5MEDIUM

CVE-2021-3695

all versions

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to

4.5MEDIUM

CVE-2022-1227

all versions

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. O

8.8HIGH

CVE-2022-27649

all versions

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was foun

7.5HIGH

CVE-2022-0435

all versions

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious

8.8HIGH

CVE-2022-0330

all versions

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicio

7.8HIGH

CVE-2021-3733

all versions

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (s

6.5MEDIUM

CVE-2021-3737

all versions

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who

7.5HIGH

CVE-2021-3656

all versions

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual

8.8HIGH

CVE-2021-23214

all versions

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-th

8.1HIGH

CVE-2022-0492

all versions

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw,

7.8HIGH

CVE-2021-3620

all versions

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials i

5.5MEDIUM

CVE-2021-3602

all versions

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in contain

5.5MEDIUM

CVE-2021-3677

all versions

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, a

6.5MEDIUM

CVE-2021-44142

all versions

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients

8.8HIGH

CVE-2021-4091

all versions

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a

7.5HIGH

CVE-2021-3930

all versions

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_s

6.5MEDIUM

CVE-2020-25719

all versions

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The S

7.2HIGH

CVE-2020-25717

all versions

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possibl

8.1HIGH

CVE-2016-2124

all versions

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext passw

5.9MEDIUM

CVE-2021-3551

all versions

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installat

7.8HIGH

CVE-2021-4034

all versions

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed

7.8HIGH

CVE-2021-3672

all versions

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can

5.6MEDIUM

CVE-2021-40438

all versions

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue a

9.0CRITICAL

CVE-2020-27842

all versions

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be process

5.5MEDIUM

CVE-2020-9490

all versions

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would re

7.5HIGH

CVE-2020-8945

all versions

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pull

7.5HIGH

CVE-2019-19906

all versions

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via

7.5HIGH

CVE-2019-5544

all versions

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issu

9.8CRITICAL

CVE-2019-6470

all versions

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There

6.5MEDIUM

CVE-2019-11043

all versions

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possibl

8.7HIGH

CVE-2019-15718

all versions

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the sy

4.4MEDIUM

CVE-2019-0211

all versions

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child pr

7.8HIGH

CVE-2019-6454

all versions

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-len

5.5MEDIUM

CVE-2019-8383

all versions

An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png

7.8HIGH

CVE-2019-8379

all versions

An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in

7.8HIGH

CVE-2019-7317

all versions

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_saf

5.3MEDIUM

CVE-2018-16881

all versions

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to

7.5HIGH

CVE-2018-16866

all versions

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A loca

3.3LOW

CVE-2017-12617

all versions

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs ena

8.1HIGH

CVE-2017-12615

all versions

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation paramet

8.1HIGH

CVE-2016-2818

all versions

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow r

8.8HIGH

CVE-2016-3718

all versions

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-sid

5.5MEDIUM

CVE-2016-3715

all versions

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a

5.5MEDIUM

CVE-2015-4902

all versions

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors

5.3MEDIUM

CVE-2015-2590

all versions

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to af

9.8CRITICAL