Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2024-0690 | Improper Encoding or Escaping of Output vulnerability in multiple products An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. | 5.5 |
| 2024-02-06 | CVE-2023-4503 | Improper Initialization vulnerability in Redhat products An improper initialization vulnerability was found in Galleon. | 7.5 |
| 2024-02-05 | CVE-2023-50781 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in m2crypto. | 7.5 |
| 2024-02-05 | CVE-2023-50782 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the python-cryptography package. | 7.5 |
| 2024-02-05 | CVE-2023-7216 | Path Traversal vulnerability in multiple products A path traversal vulnerability was found in the CPIO utility. | 5.3 |
| 2024-02-04 | CVE-2023-6240 | Information Exposure Through Discrepancy vulnerability in multiple products A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. | 6.5 |
| 2024-01-31 | CVE-2023-5992 | Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. | 5.9 |
| 2024-01-31 | CVE-2024-1086 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | 7.8 |
| 2024-01-31 | CVE-2024-0914 | Information Exposure Through Discrepancy vulnerability in multiple products A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. | 5.9 |
| 2024-01-30 | CVE-2024-0564 | Resource Injection vulnerability in multiple products A flaw was found in the Linux kernel's memory deduplication mechanism. | 6.5 |