Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-28	CVE-2023-5981	Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. network high complexity gnu redhat fedoraproject CWE-203	5.9
2018-12-21	CVE-2018-20346	Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. network high complexity sqlite google redhat debian opensuse CWE-190	8.1
2018-10-09	CVE-2018-17962	Integer Overflow or Wraparound vulnerability in multiple products Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. network low complexity qemu suse debian canonical redhat oracle CWE-190	7.5
2017-12-11	CVE-2014-3250	Improper Certificate Validation vulnerability in multiple products The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. network low complexity puppet redhat CWE-295	6.5
2016-10-07	CVE-2016-3699	Permissions, Privileges, and Access Controls vulnerability in multiple products The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. local high complexity redhat linux CWE-264	7.4
2004-11-23	CVE-2004-0079	NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. network low complexity cisco symantec hp avaya redhat freebsd openbsd apple sco 4d checkpoint dell lite neoteris novell openssl sgi stonesoft tarantella vmware bluecoat securecomputing sun CWE-476	7.5
2002-03-15	CVE-2002-0083	Off-by-one Error vulnerability in multiple products Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. network low complexity conectiva immunix openpkg mandrakesoft openbsd trustix suse redhat engardelinux CWE-193 critical	9.8