Vulnerabilities > Redhat > Enterprise Linux Server AUS > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-31 CVE-2023-5992 Information Exposure Through Discrepancy vulnerability in multiple products
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant.
network
high complexity
opensc-project redhat CWE-203
5.9
5.9
2024-01-10 CVE-2023-5455 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.
network
low complexity
freeipa fedoraproject redhat CWE-352
6.5
6.5
2023-12-10 CVE-2023-5868 A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments.
network
low complexity
postgresql redhat
4.3
4.3
2023-12-10 CVE-2023-5870 A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher.
network
high complexity
postgresql redhat
4.4
4.4
2023-11-03 CVE-2023-46846 HTTP Request Smuggling vulnerability in multiple products
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
network
low complexity
squid-cache redhat CWE-444
5.3
5.3
2023-09-18 CVE-2023-4527 Out-of-bounds Read vulnerability in multiple products
A flaw was found in glibc.
network
high complexity
gnu redhat fedoraproject netapp CWE-125
6.5
6.5
2023-09-18 CVE-2023-4806 Use After Free vulnerability in multiple products
A flaw was found in glibc.
network
high complexity
gnu redhat fedoraproject CWE-416
5.9
5.9
2023-09-12 CVE-2023-4813 Use After Free vulnerability in multiple products
A flaw was found in glibc.
network
high complexity
gnu redhat fedoraproject netapp CWE-416
5.9
5.9
2023-08-25 CVE-2023-38201 A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration.
low complexity
keylime redhat fedoraproject
6.5
6.5
2022-09-29 CVE-2014-0147 Integer Overflow or Wraparound vulnerability in multiple products
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
local
low complexity
qemu fedoraproject redhat CWE-190
6.2
6.2