Redhat

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-34153 3Fedoraproject ImagemagickRedhat 4Enterprise Linux Extra Packages For Enterprise LinuxFedora+1 more Feb 27, 2026 May 30, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
CVE-2023-34152 3Fedoraproject ImagemagickRedhat 4Enterprise Linux Extra Packages For Enterprise LinuxFedora+1 more Jan 13, 2025 May 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
CVE-2023-34151 4Debian FedoraprojectImagemagick+1 more 5Debian Linux Enterprise LinuxExtra Packages For Enterprise Linux+2 more Dec 2, 2024 May 30, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
CVE-2023-2953 4Apple NetappOpenldap+1 more 11Active Iq Unified Manager Clustered Data OntapEnterprise Linux+8 more Jan 10, 2025 May 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
CVE-2023-2283 3Fedoraproject LibsshRedhat 3Enterprise Linux FedoraLibssh Nov 3, 2025 May 26, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is ins...Show more A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.Show less
CVE-2023-1981 3Avahi FedoraprojectRedhat 3Avahi Enterprise LinuxFedora Nov 3, 2025 May 26, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
CVE-2023-1667 4Debian FedoraprojectLibssh+1 more 4Debian Linux Enterprise LinuxFedora+1 more Nov 21, 2024 May 26, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
CVE-2023-1664 1Redhat 5Build Of Quarkus Jboss A MqKeycloak+2 more Jan 15, 2025 May 26, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an a...Show more A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable.Show less
CVE-2023-33203 2Linux Redhat 2Enterprise Linux Linux Kernel May 5, 2025 May 18, 2023 N/A· v4 6.4 MEDIUM· v3 N/A· v2 The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.
CVE-2023-2319 2Clusterlabs Redhat 3Enterprise Linux High Availability Enterprise Linux High Availability EusPcs Jan 22, 2025 May 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was prev...Show more It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.Show less
CVE-2023-2295 2Libreswan Redhat 5Enterprise Linux Enterprise Linux EusEnterprise Linux Server Aus+2 more Jan 22, 2025 May 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero re...Show more A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.Show less
CVE-2023-2731 3Fedoraproject LibtiffRedhat 3Enterprise Linux FedoraLibtiff Jan 22, 2025 May 17, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL p...Show more A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.Show less
CVE-2023-2491 2Gnu Redhat 5Emacs Enterprise LinuxEnterprise Linux Eus+2 more Jan 22, 2025 May 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a C...Show more A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.Show less
CVE-2023-2203 2Redhat Webkitgtk 5Enterprise Linux Enterprise Linux EusEnterprise Linux Server Aus+2 more Jan 22, 2025 May 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causin...Show more A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.Show less
CVE-2023-2700 2Fedoraproject Redhat 3Enterprise Linux FedoraLibvirt Jan 28, 2025 May 15, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array withi...Show more A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.Show less
CVE-2023-1729 3Fedoraproject LibrawRedhat 3Enterprise Linux FedoraLibraw Mar 20, 2025 May 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
CVE-2023-2088 1Redhat 1Openstack Nov 4, 2025 May 12, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one...Show more A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.Show less
CVE-2023-32573 2Qt Redhat 2Enterprise Linux Qt Jan 27, 2025 May 10, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CVE-2023-2156 4Debian FedoraprojectLinux+1 more 4Debian Linux Enterprise LinuxFedora+1 more Nov 21, 2024 May 9, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure....Show more A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.Show less
CVE-2023-2513 2Linux Redhat 2Enterprise Linux Linux Kernel Apr 23, 2025 May 8, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or...Show more A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.Show less

Previous 1...293031...283 Next