Redhat Enterprise Linux Eus vulnerabilities

CVE-2023-46846 [CRITICAL] CWE-444 CVE-2023-46846: SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote a SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

CVE-2023-3972 [HIGH] CWE-379 CVE-2023-3972: A vulnerability was found in insights-client. This security issue occurs because of insecure file op A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client

CVE-2023-5633 [HIGH] CVE-2023-5633: The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a us The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

CVE-2023-4911 [HIGH] CWE-122 CVE-2023-4911: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GL A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVE-2023-5157 [HIGH] CWE-400 CVE-2023-5157: A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

CVE-2023-4806 [MEDIUM] CWE-416 CVE-2023-4806: A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may ac A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The r

CVE-2023-4527 [MEDIUM] CWE-121 CVE-2023-4527: A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

CVE-2023-4813 [MEDIUM] CWE-416 CVE-2023-4813: A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

CVE-2023-38201 [MEDIUM] CWE-639 CVE-2023-38201: A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protoc A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the

CVE-2023-3899 [HIGH] CWE-285 CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inad A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper

CVE-2023-4147 [HIGH] CWE-416 CVE-2023-4147: A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule wit A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

CVE-2023-38200 [HIGH] CWE-400 CVE-2023-38200: A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a rem A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.

CVE-2023-2203 [HIGH] CWE-416 CVE-2023-2203: A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-afte A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK pa

CVE-2023-2295 [HIGH] CWE-400 CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggress A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the plu

CVE-2023-2491 [HIGH] CWE-77 CVE-2023-2491: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "or A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

CVE-2023-0494 [HIGH] CWE-416 CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerCl A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding s

CVE-2023-0179 [HIGH] CWE-190 CVE-2023-0179: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

CVE-2019-8720 [HIGH] CWE-119 CVE-2019-8720: A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web c A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

CVE-2022-2601 [HIGH] CWE-122 CVE-2022-2601: A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure bo

CVE-2014-0144 [HIGH] CWE-20 CVE-2014-0144: QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulne QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.