Red Hat Enterprise Linux vulnerabilities

1,738 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 81
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153

Vulnerabilities

Page 9 of 87
CVE-2023-6004 | MEDIUM | CVSS 4.8 | v8.0, v9.0 | 2024-01-03
CWE-74. A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
Source: NVD
CVE-2024-0217 | LOW | CVSS 3.3 | v8.0, v9.0 | 2024-01-03
CWE-416. A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered
Source: NVD
CVE-2023-6693 | MEDIUM | CVSS 5.3 | v8.0, v9.0 | 2024-01-02
CWE-121. A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the
Source: NVD
CVE-2023-7192 | MEDIUM | CVSS 4.4 | v8.0, v9.0 | 2024-01-02
CWE-401. A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.
Source: NVD
CVE-2024-0193 | MEDIUM | CVSS 6.7 | v9.0 | 2024-01-02
CWE-416. A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalat
Source: NVD
CVE-2023-4641 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2023-12-27
CWE-303. A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
Source: NVD
CVE-2023-51767 | HIGH | CVSS 7.0 | v8.0, v9.0 | 2023-12-24
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this
Source: NVD
CVE-2023-51765 | MEDIUM | CVSS 5.3 | v8.0, v9.0 | 2023-12-24
CWE-345. sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved in 8.18
Source: NVD
CVE-2023-51764 | MEDIUM | CVSS 5.3 | v8.0, v9.0 | 2023-12-24
CWE-345. Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass
Source: NVD
CVE-2023-6546 | HIGH | CVSS 7.0 | v8.0, v9.0 | 2023-12-21
CWE-366. A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to
Source: NVD
CVE-2023-6918 | MEDIUM | CVSS 5.3 | v8.0, v9.0 | 2023-12-19
CWE-252. A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case,
Source: NVD
CVE-2023-47038 | HIGH | CVSS 7.8 | v8.0, v9.0 | 2023-12-18
CWE-122. A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
Source: NVD
CVE-2023-48795 | MEDIUM | CVSS 5.9 | PoC | v8.0, v9.0 | 2023-12-18
CWE-354. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr
Source: NVD
CVE-2023-6710 | MEDIUM | CVSS 5.4 | PoC | v9.0 | 2023-12-12
CWE-79. A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
Source: NVD
CVE-2023-6679 | MEDIUM | CVSS 5.5 | v9.0 | 2023-12-11
CWE-476. A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.
Source: NVD
CVE-2023-5869 | HIGH | CVSS 8.8 | v8.0, v9.0 | 2023-12-10
CWE-190. A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbit
Source: NVD
CVE-2023-5870 | MEDIUM | CVSS 4.4 | v8.0, v9.0 | 2023-12-10
CWE-400. A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue
Source: NVD
CVE-2023-5868 | MEDIUM | CVSS 4.3 | v8.0, v9.0 | 2023-12-10
CWE-686. A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. Thi
Source: NVD
CVE-2023-6610 | HIGH | CVSS 7.1 | v8.0, v9.0 | 2023-12-08
CWE-125. An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
Source: NVD
CVE-2023-6606 | HIGH | CVSS 7.1 | v8.0, v9.0 | 2023-12-08
CWE-125. An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
Source: NVD