Vulnerabilities
Vulnerable Software
Redhat:  Security Vulnerabilities
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
CVSS Score
6.2
EPSS Score
0.004
Published
2023-11-02
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
CVSS Score
6.2
EPSS Score
0.003
Published
2023-11-02
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
CVSS Score
6.2
EPSS Score
0.003
Published
2023-11-02
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
CVSS Score
6.2
EPSS Score
0.003
Published
2023-11-02
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
CVSS Score
6.2
EPSS Score
0.003
Published
2023-11-02
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
CVSS Score
6.2
EPSS Score
0.003
Published
2023-11-02
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.
CVSS Score
5.5
EPSS Score
0.003
Published
2023-11-02
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
CVSS Score
7.2
EPSS Score
0.011
Published
2023-11-02
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.
CVSS Score
6.5
EPSS Score
0.011
Published
2023-11-01
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
CVSS Score
8.8
EPSS Score
0.091
Published
2023-11-01


Contact Us

Shodan ® - All rights reserved