Red Hat Enterprise Linux vulnerabilities

1,738 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 81
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153

Vulnerabilities

Page 10 of 87
CVE-2023-6622 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2023-12-08
CVE-2023-6622 [MEDIUM] CWE-476: A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.
nvd
CVE-2023-5871 | MEDIUM | CVSS 5.3 | v9.0 | 2023-11-27
CVE-2023-5871 [MEDIUM] CWE-617: A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.
nvd
CVE-2023-6121 | MEDIUM | CVSS 4.3 | v6.0, v7.0 +2 more | 2023-11-16
CVE-2023-6121 [MEDIUM] CWE-125: An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
nvd
CVE-2023-6176 | MEDIUM | CVSS 4.7 | v8.0, v9.0 | 2023-11-16
CVE-2023-6176 [MEDIUM] CWE-476: A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.
nvd
CVE-2023-5544 | MEDIUM | CVSS 5.4 | v7.0 | 2023-11-09
CVE-2023-5544 [MEDIUM] CWE-79: Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
nvd
CVE-2023-5547 | MEDIUM | CVSS 6.1 | v7.0 | 2023-11-09
CVE-2023-5547 [MEDIUM] CWE-79: The course upload preview contained an XSS risk for users uploading unsafe data.
nvd
CVE-2023-39198 | MEDIUM | CVSS 6.4 | v8.0, v9.0 | 2023-11-09
CVE-2023-39198 [MEDIUM] CWE-416: A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially lead
nvd
CVE-2023-5546 | MEDIUM | CVSS 5.4 | v7.0 | 2023-11-09
CVE-2023-5546 [MEDIUM] CWE-79: ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
nvd
CVE-2023-5090 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2023-11-06
CVE-2023-5090 [MEDIUM] CWE-755: A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
nvd
CVE-2023-40661 | MEDIUM | CVSS 6.4 | v8.0, v9.0 | 2023-11-06
CVE-2023-40661 [MEDIUM] CWE-119: Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses
nvd
CVE-2023-42669 | MEDIUM | CVSS 6.5 | v8.0, v9.0 | 2023-11-06
CVE-2023-42669 [MEDIUM] CWE-400: A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" serv
nvd
CVE-2023-40660 | MEDIUM | CVSS 6.6 | v8.0, v9.0 | 2023-11-06
CVE-2023-40660 [MEDIUM] CWE-287: A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computer
nvd
CVE-2023-4535 | LOW | CVSS 3.8 | v9.0 | 2023-11-06
CVE-2023-4535 [LOW] CWE-125: An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized ac
nvd
CVE-2023-3961 | CRITICAL | CVSS 9.8 | v8.0 | 2023-11-03
CVE-2023-3961 [CRITICAL] CWE-22: A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of i
nvd
CVE-2023-46848 | HIGH | CVSS 7.5 | v9.0 | 2023-11-03
CVE-2023-46848 [HIGH] CWE-681: Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
nvd
CVE-2023-1476 | HIGH | CVSS 7.0 | v8.0 | 2023-11-03
CVE-2023-1476 [HIGH] CWE-416: A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.
nvd
CVE-2023-5824 | HIGH | CVSS 7.5 | v6.0, v7.0 +2 more | 2023-11-03
CVE-2023-5824 [HIGH] CWE-755: A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
nvd
CVE-2023-46847 | HIGH | CVSS 7.5 | v8.0, v9.0 | 2023-11-03
CVE-2023-46847 [HIGH] CWE-120: Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
nvd
CVE-2023-5088 | HIGH | CVSS 7.0 | v8.0, v9.0 | 2023-11-03
CVE-2023-5088 [HIGH] CWE-821: A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1,
nvd
CVE-2023-4091 | MEDIUM | CVSS 6.5 | v8.0 | 2023-11-03
CVE-2023-4091 [MEDIUM] CWE-276: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 b
nvd