Redhat

Enterprise Linux

1709 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2023-5546

  • EPSS 1.31%
  • Veröffentlicht 09.11.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:59

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

6.1

CVE-2023-5547

  • EPSS 0.1%
  • Veröffentlicht 09.11.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:59

The course upload preview contained an XSS risk for users uploading unsafe data.

5.4

CVE-2023-5544

  • EPSS 0.13%
  • Veröffentlicht 09.11.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 08:41:58

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

6.4

CVE-2023-39198

  • EPSS 0.01%
  • Veröffentlicht 09.11.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:14:53

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allow...

3.8

CVE-2023-4535

  • EPSS 0.22%
  • Veröffentlicht 06.11.2023 17:15:12
  • Zuletzt bearbeitet 21.11.2024 08:35:21

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or s...

6.6

CVE-2023-40660

  • EPSS 0.03%
  • Veröffentlicht 06.11.2023 17:15:11
  • Zuletzt bearbeitet 04.12.2024 08:15:04

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security ...

6.4

CVE-2023-40661

  • EPSS 0.31%
  • Veröffentlicht 06.11.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 08:19:55

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical acce...

5.5

CVE-2023-5090

  • EPSS 0.02%
  • Veröffentlicht 06.11.2023 11:15:09
  • Zuletzt bearbeitet 21.11.2024 08:41:02

A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.

6.5

CVE-2023-42669

  • EPSS 0.58%
  • Veröffentlicht 06.11.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 08:22:55

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpc...

7

CVE-2023-5088

  • EPSS 0.01%
  • Veröffentlicht 03.11.2023 14:15:08
  • Zuletzt bearbeitet 21.11.2024 08:41:02

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL...