Enterprise Linux EUS

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-13	CVE-2023-6478	Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in xorg-server. network low complexity x-org redhat debian tigervnc CWE-190	7.5
2023-12-10	CVE-2023-5868	A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. network low complexity postgresql redhat	4.3
2023-12-10	CVE-2023-5869	Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. network low complexity postgresql redhat CWE-190	8.8
2023-12-10	CVE-2023-5870	A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. network high complexity postgresql redhat	4.4
2023-12-08	CVE-2023-6606	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. local low complexity linux redhat CWE-125	7.1
2023-11-06	CVE-2023-42669	A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. network low complexity samba redhat	6.5
2023-11-03	CVE-2023-3961	Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. network low complexity samba redhat fedoraproject CWE-22 critical	9.8
2023-11-03	CVE-2023-1476	Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. local high complexity linux redhat CWE-416	7.0
2023-11-03	CVE-2023-46846	HTTP Request Smuggling vulnerability in multiple products SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. network low complexity squid-cache redhat CWE-444	5.3
2023-11-03	CVE-2023-46847	Classic Buffer Overflow vulnerability in multiple products Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. network low complexity squid-cache redhat CWE-120	7.5