Redhat Enterprise Linux vulnerabilities

CVE-2023-46846 [MEDIUM] CWE-444 CVE-2023-46846: SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote a SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

CVE-2023-38472 [MEDIUM] CWE-617 CVE-2023-38472: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.

CVE-2023-38471 [MEDIUM] CWE-617 CVE-2023-38471: A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.

CVE-2023-38469 [MEDIUM] CWE-617 CVE-2023-38469: A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_re A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.

CVE-2023-38473 [MEDIUM] CWE-617 CVE-2023-38473: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name( A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.

CVE-2022-4900 [MEDIUM] CWE-119 CVE-2022-4900: A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.

CVE-2023-3164 [MEDIUM] CWE-120 CVE-2023-3164: A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcro A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

CVE-2023-38470 [MEDIUM] CWE-617 CVE-2023-38470: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() functio A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.

CVE-2023-5178 [HIGH] CWE-416 CVE-2023-5178: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` du A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

CVE-2023-3972 [HIGH] CWE-379 CVE-2023-3972: A vulnerability was found in insights-client. This security issue occurs because of insecure file op A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client

CVE-2023-1192 [MEDIUM] CWE-416 CVE-2023-1192: A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CI A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.

CVE-2023-5574 [HIGH] CWE-416 CVE-2023-5574: A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very speci A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, all

CVE-2023-5367 [HIGH] CWE-787 CVE-2023-5367: A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect c A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

CVE-2023-4692 [HIGH] CWE-122 CVE-2023-4692: An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an att An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection by

CVE-2023-4693 [MEDIUM] CWE-125 CVE-2023-4693: An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physi An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

CVE-2023-5380 [MEDIUM] CWE-416 CVE-2023-5380: A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specif A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed follo

CVE-2023-5633 [HIGH] CVE-2023-5633: The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a us The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

CVE-2023-5557 [HIGH] CWE-693 CVE-2023-5557: A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-craft A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

CVE-2023-43789 [MEDIUM] CWE-125 CVE-2023-43789: A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a loca A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

CVE-2023-44487 [HIGH] CWE-400 CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.