Enterprise Linux EUS

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-03	CVE-2023-3961	Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. network low complexity samba redhat fedoraproject CWE-22 critical	9.8
2023-11-03	CVE-2023-1476	Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. local high complexity linux redhat CWE-416	7.0
2023-11-03	CVE-2023-46846	HTTP Request Smuggling vulnerability in multiple products SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. network low complexity squid-cache redhat CWE-444	5.3
2023-11-03	CVE-2023-46847	Classic Buffer Overflow vulnerability in multiple products Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. network low complexity squid-cache redhat CWE-120	7.5
2023-11-03	CVE-2023-46848	Incorrect Conversion between Numeric Types vulnerability in multiple products Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. network low complexity squid-cache redhat CWE-681	7.5
2023-11-03	CVE-2023-4091	Incorrect Default Permissions vulnerability in multiple products A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". network low complexity samba fedoraproject redhat CWE-276	6.5
2023-11-01	CVE-2023-3972	Exposure of Resource to Wrong Sphere vulnerability in Redhat products A vulnerability was found in insights-client. local low complexity redhat CWE-668	7.8
2023-10-03	CVE-2023-4911	Out-of-bounds Write vulnerability in multiple products A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. local low complexity gnu fedoraproject redhat CWE-787	7.8
2023-09-27	CVE-2023-5157	A vulnerability was found in MariaDB. network low complexity mariadb fedoraproject redhat	7.5
2023-09-18	CVE-2023-4527	Out-of-bounds Read vulnerability in multiple products A flaw was found in glibc. network high complexity gnu redhat fedoraproject netapp CWE-125	6.5