CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2023-3899 – Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
https://notcve.org/view.php?id=CVE-2023-3899
23 Aug 2023 — A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary confi... • https://access.redhat.com/errata/RHSA-2023:4701 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 0CVE-2023-2295 – libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux
https://notcve.org/view.php?id=CVE-2023-2295
16 May 2023 — A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package ... • https://access.redhat.com/errata/RHSA-2023:3107 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2203 – webkitgtk: Regression of CVE-2023-28205 fixes in the Red Hat Enterprise Linux
https://notcve.org/view.php?id=CVE-2023-2203
10 May 2023 — A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform... • https://access.redhat.com/errata/RHSA-2023:2653 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2491 – emacs: Regression of CVE-2023-28617 fixes in the Red Hat Enterprise Linux
https://notcve.org/view.php?id=CVE-2023-2491
09 May 2023 — A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management ... • https://access.redhat.com/errata/RHSA-2023:2626 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1476 – Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222
https://notcve.org/view.php?id=CVE-2023-1476
05 Apr 2023 — A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el código fuente de contabilidad del espacio de direcciones de memoria mm/mremap del kernel de Linux. Este problema ocurre debido a una condición de ejecución entre rmap walk y mremap, lo qu... • https://access.redhat.com/errata/RHSA-2023:1659 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2023-0494 – X.Org Server DeepCopyPointerClasses Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-0494
07 Feb 2023 — A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the abilit... • https://bugzilla.redhat.com/show_bug.cgi?id=2165995 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 2CVE-2022-4254 – sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
https://notcve.org/view.php?id=CVE-2022-4254
24 Jan 2023 — sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authentication request to the corresponding principal. The mapping filter is vulnerable to LDAP filter injection. The search result can be i... • https://access.redhat.com/security/cve/CVE-2022-4254 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 8.6EPSS: 0%CPEs: 12EXPL: 0CVE-2022-2601 – grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
https://notcve.org/view.php?id=CVE-2022-2601
16 Nov 2022 — A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. Se encontró un desbordamiento del búfer en grub_font_construct_glyph(). Una fuente pf2 manipulada maliciosamente puede provocar un desbordamien... • https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2021-3695 – grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
https://notcve.org/view.php?id=CVE-2021-3695
20 Jun 2022 — A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw af... • https://bugzilla.redhat.com/show_bug.cgi?id=1991685 • CWE-787: Out-of-bounds Write •
CVSS: 6.9EPSS: 0%CPEs: 40EXPL: 0CVE-2021-3696 – grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
https://notcve.org/view.php?id=CVE-2021-3696
20 Jun 2022 — A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. Puede producirse una escritura fuera de límites de la p... • https://bugzilla.redhat.com/show_bug.cgi?id=1991686 • CWE-787: Out-of-bounds Write •