Redhat Enterprise Linux vulnerabilities

CVE-2023-1476 [HIGH] CWE-416 CVE-2023-1476: A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting sour A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.

CVE-2023-5824 [HIGH] CWE-755 CVE-2023-5824: A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied be A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.

CVE-2023-46847 [HIGH] CWE-120 CVE-2023-46847: Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow att Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

CVE-2023-5088 [HIGH] CWE-821 CVE-2023-5088: A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to b A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1,

CVE-2023-4091 [MEDIUM] CWE-276 CVE-2023-4091: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even w A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 b

CVE-2023-46846 [MEDIUM] CWE-444 CVE-2023-46846: SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote a SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

CVE-2023-38472 [MEDIUM] CWE-617 CVE-2023-38472: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.

CVE-2023-38471 [MEDIUM] CWE-617 CVE-2023-38471: A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.

CVE-2023-38469 [MEDIUM] CWE-617 CVE-2023-38469: A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_re A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.

CVE-2023-38473 [MEDIUM] CWE-617 CVE-2023-38473: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name( A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.

CVE-2022-4900 [MEDIUM] CWE-119 CVE-2022-4900: A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.

CVE-2023-3164 [MEDIUM] CWE-120 CVE-2023-3164: A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcro A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

CVE-2023-38470 [MEDIUM] CWE-617 CVE-2023-38470: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() functio A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.

CVE-2023-5178 [HIGH] CWE-416 CVE-2023-5178: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` du A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

CVE-2023-3972 [HIGH] CWE-379 CVE-2023-3972: A vulnerability was found in insights-client. This security issue occurs because of insecure file op A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client

CVE-2023-1192 [MEDIUM] CWE-416 CVE-2023-1192: A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CI A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.

CVE-2023-5574 [HIGH] CWE-416 CVE-2023-5574: A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very speci A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, all

CVE-2023-5367 [HIGH] CWE-787 CVE-2023-5367: A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect c A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

CVE-2023-4692 [HIGH] CWE-122 CVE-2023-4692: An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an att An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection by

CVE-2023-4693 [MEDIUM] CWE-125 CVE-2023-4693: An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physi An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.