Red Hat Enterprise Linux vulnerabilities

1,738 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153

Vulnerabilities

Page 15 of 87
CVE-2023-34966 | HIGH | CVSS 7.5 | v8.0 v9.0 | 2023-07-20
CWE-835: An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked
nvd
CVE-2023-34967 | MEDIUM | CVSS 5.3 | v8.0 v9.0 | 2023-07-20
CWE-843: A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dal
nvd
CVE-2022-2127 | MEDIUM | CVSS 5.9 | v6.0 v7.0 +2 more | 2023-07-20
CWE-125: An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM auth
nvd
CVE-2023-34968 | MEDIUM | CVSS 5.3 | v8.0 v9.0 | 2023-07-20
CWE-201: A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.
nvd
CVE-2023-3347 | MEDIUM | CVSS 5.9 | v8.0 v9.0 | 2023-07-20
CWE-347: A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the net
nvd
CVE-2023-38252 | MEDIUM | CVSS 5.5 | v6.0 | 2023-07-14
CWE-125: An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
nvd
CVE-2023-38253 | MEDIUM | CVSS 5.5 | v6.0 | 2023-07-14
CWE-125: An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
nvd
CVE-2023-3618 | MEDIUM | CVSS 6.5 | v8.0 v9.0 | 2023-07-12
CWE-120: A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
nvd
CVE-2023-3354 | HIGH | CVSS 7.5 | v7.0 v8.0 +1 more | 2023-07-11
CWE-476: A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL poi
nvd
CVE-2023-3269 | HIGH | CVSS 7.8 | v6.0 v7.0 +2 more | 2023-07-11
CWE-416: A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.
nvd
CVE-2023-1672 | MEDIUM | CVSS 5.3 | v8.0 v9.0 | 2023-07-11
CWE-362: A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
nvd
CVE-2023-34432 | HIGH | CVSS 7.8 | v6.0 v7.0 | 2023-07-10
CWE-122: A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
nvd
CVE-2023-34318 | HIGH | CVSS 7.8 | v6.0 v7.0 | 2023-07-10
CWE-122: A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
nvd
CVE-2023-32627 | MEDIUM | CVSS 5.5 | v6.0 v7.0 | 2023-07-10
CWE-1077: A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
nvd
CVE-2023-1183 | MEDIUM | CVSS 5.5 | v8.0 v9.0 | 2023-07-10
CWE-20: A flaw was found in the LibreOffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
nvd
CVE-2023-26590 | MEDIUM | CVSS 5.5 | v6.0 v7.0 | 2023-07-10
CWE-1077: A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
nvd
CVE-2023-1206 | MEDIUM | CVSS 5.7 | v8.0 v9.0 | 2023-06-30
CWE-400: A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95%.
nvd
CVE-2023-3138 | HIGH | CVSS 7.5 | v8.0 v9.0 | 2023-06-28
CWE-119: A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver
nvd
CVE-2023-32373 | HIGH | CVSS 8.8 | KEV | v6.0 v7.0 +2 more | 2023-06-23
CWE-416: A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively
nvd
CVE-2023-3212 | MEDIUM | CVSS 4.4 | v8.0 v9.0 | 2023-06-23
CWE-476: A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
nvd