Enterprise Linux FOR Power Little Endian

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-31	CVE-2024-1086	Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. local low complexity linux fedoraproject redhat debian netapp CWE-416	7.8
2024-01-18	CVE-2024-0408	A flaw was found in the X.Org server. local low complexity x-org tigervnc redhat fedoraproject	5.5
2024-01-18	CVE-2024-0409	Out-of-bounds Write vulnerability in multiple products A flaw was found in the X.Org server. local low complexity x-org tigervnc redhat fedoraproject CWE-787	7.8
2024-01-10	CVE-2023-5455	Cross-Site Request Forgery (CSRF) vulnerability in multiple products A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. network low complexity freeipa fedoraproject redhat CWE-352	6.5
2023-12-27	CVE-2023-4641	Improper Authentication vulnerability in multiple products A flaw was found in shadow-utils. local low complexity shadow-maint redhat CWE-287	5.5
2023-12-10	CVE-2023-5868	A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. network low complexity postgresql redhat	4.3
2023-12-10	CVE-2023-5869	Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. network low complexity postgresql redhat CWE-190	8.8
2023-12-10	CVE-2023-5870	A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. network high complexity postgresql redhat	4.4
2023-11-06	CVE-2023-42669	A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. network low complexity samba redhat	6.5
2023-11-03	CVE-2023-1476	Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. local high complexity linux redhat CWE-416	7.0