Vulnerabilities > Redhat > Enterprise Linux Server AUS > 9.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-5455 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. | 6.5 |
| 2023-12-10 | CVE-2023-5868 | A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. | 4.3 |
| 2023-12-10 | CVE-2023-5869 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. | 8.8 |
| 2023-12-10 | CVE-2023-5870 | A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. | 4.4 |
| 2023-12-08 | CVE-2023-6606 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. | 7.1 |
| 2023-11-03 | CVE-2023-46846 | HTTP Request Smuggling vulnerability in multiple products SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | 5.3 |
| 2023-11-03 | CVE-2023-46847 | Classic Buffer Overflow vulnerability in multiple products Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | 7.5 |
| 2023-11-03 | CVE-2023-46848 | Incorrect Conversion between Numeric Types vulnerability in multiple products Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. | 7.5 |
| 2023-11-01 | CVE-2023-3972 | Exposure of Resource to Wrong Sphere vulnerability in Redhat products A vulnerability was found in insights-client. | 7.8 |
| 2023-10-23 | CVE-2023-5633 | Use After Free vulnerability in multiple products The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. | 7.8 |