Redhat: >> Enterprise Linux >> 7.0 Security Vulnerabilities
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.
CVSS Score
7.7
EPSS Score
0.003
Published
2023-12-14
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
CVSS Score
7.6
EPSS Score
0.012
Published
2023-12-13
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
CVSS Score
7.8
EPSS Score
0.004
Published
2023-12-13
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-11-24
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-11-19
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
CVSS Score
4.3
EPSS Score
0.003
Published
2023-11-16
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
CVSS Score
4.3
EPSS Score
0.013
Published
2023-11-09
The course upload preview contained an XSS risk for users uploading unsafe data.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-11-09
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-09
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-11-08