cbcvebase.

Redhat Enterprise Linux vulnerabilities

1,783 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,783
CISA KEV: 22 (actively exploited)
Public exploits: 91
Exploited in wild: 26
Severity breakdown: CRITICAL 162, HIGH 609, MEDIUM 858, LOW 154

Vulnerabilities

Page 11 of 90
CVE-2023-6915 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2024-01-15
CWE-476: A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.
nvd
CVE-2023-6683 | MEDIUM | CVSS 6.5 | v8.0, v9.0 | 2024-01-12
CWE-476: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and t
nvd
CVE-2024-23301 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2024-01-12
CWE-276: Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
nvd
CVE-2024-0443 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2024-01-12
CWE-402: A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs
nvd
CVE-2023-5455 | MEDIUM | CVSS 6.5 | v7.0, v8.0, +2 more | 2024-01-10
CWE-352: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certai
nvd
CVE-2021-3600 | HIGH | CVSS 7.8 | v8.0 | 2024-01-08
CWE-125: It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.
nvd
CVE-2023-6004 | MEDIUM | CVSS 4.8 | v8.0, v9.0 | 2024-01-03
CWE-74: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
nvd
CVE-2024-0217 | LOW | CVSS 3.3 | v8.0, v9.0 | 2024-01-03
CWE-416: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered
nvd
CVE-2023-6693 | MEDIUM | CVSS 5.3 | v8.0, v9.0 | 2024-01-02
CWE-121: A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the
nvd
CVE-2023-7192 | MEDIUM | CVSS 4.4 | v8.0, v9.0 | 2024-01-02
CWE-401: A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.
nvd
CVE-2023-4641 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2023-12-27
CWE-303: A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
nvd
CVE-2023-51767 | HIGH | CVSS 7.0 | v8.0, v9.0 | 2023-12-24
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this
nvd
CVE-2023-51765 | MEDIUM | CVSS 5.3 | v8.0, v9.0 | 2023-12-24
CWE-345: sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved in 8.18
nvd
CVE-2023-51764 | MEDIUM | CVSS 5.3 | v8.0, v9.0 | 2023-12-24
CWE-345: Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass
nvd
CVE-2023-6546 | HIGH | CVSS 7.0 | v8.0, v9.0 | 2023-12-21
CWE-366: A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to
nvd
CVE-2023-6918 | MEDIUM | CVSS 5.3 | v8.0, v9.0 | 2023-12-19
CWE-252: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case,
nvd
CVE-2023-47038 | HIGH | CVSS 7.8 | v8.0, v9.0 | 2023-12-18
CWE-122: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
nvd
CVE-2023-48795 | MEDIUM | CVSS 5.9 | PoC | v8.0, v9.0 | 2023-12-18
CWE-354: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr
nvd
CVE-2023-6710 | MEDIUM | CVSS 5.4 | PoC | v9.0 | 2023-12-12
CWE-79: A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
nvd
CVE-2023-6679 | MEDIUM | CVSS 5.5 | v9.0 | 2023-12-11
CWE-476: A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.
nvd