Redhat Enterprise Linux vulnerabilities

CVE-2023-5869 [HIGH] CWE-190 CVE-2023-5869: A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code th A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbit

CVE-2023-5870 [MEDIUM] CWE-400 CVE-2023-5870: A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue

CVE-2023-5868 [MEDIUM] CWE-686 CVE-2023-5868: A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensiti A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. Thi

CVE-2023-6610 [HIGH] CWE-125 CVE-2023-6610: An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

CVE-2023-6606 [HIGH] CWE-125 CVE-2023-6606: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

CVE-2023-6622 [MEDIUM] CWE-476 CVE-2023-6622: A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset. A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.

CVE-2023-5871 [MEDIUM] CWE-617 CVE-2023-5871: A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.

CVE-2023-6121 [MEDIUM] CWE-125 CVE-2023-6121: An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

CVE-2023-6176 [MEDIUM] CWE-476 CVE-2023-6176: A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm sc A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.

CVE-2023-5544 [MEDIUM] CWE-79 CVE-2023-5544: Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk an Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

CVE-2023-5547 [MEDIUM] CWE-79 CVE-2023-5547: The course upload preview contained an XSS risk for users uploading unsafe data. The course upload preview contained an XSS risk for users uploading unsafe data.

CVE-2023-39198 [MEDIUM] CWE-416 CVE-2023-39198: A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() functio A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially lead

CVE-2023-5546 [MEDIUM] CWE-79 CVE-2023-5546: ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored X ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

CVE-2023-5090 [MEDIUM] CWE-755 CVE-2023-5090: A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct acc A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.

CVE-2023-40661 [MEDIUM] CWE-119 CVE-2023-40661: Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses

CVE-2023-42669 [MEDIUM] CWE-400 CVE-2023-42669: A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" serv

CVE-2023-40660 [MEDIUM] CWE-287 CVE-2023-40660: A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenti A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computer

CVE-2023-4535 [LOW] CWE-125 CVE-2023-4535: An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handli An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized ac

CVE-2023-3961 [CRITICAL] CWE-22 CVE-2023-3961: A path traversal vulnerability was identified in Samba when processing client pipe names connecting A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of i

CVE-2023-46848 [HIGH] CWE-681 CVE-2023-46848: Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.