Vulnerabilities > Redhat > Enterprise Linux Workstation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-1086 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | 7.8 |
| 2024-01-18 | CVE-2024-0409 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the X.Org server. | 7.8 |
| 2023-12-10 | CVE-2023-5869 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. | 8.8 |
| 2023-11-03 | CVE-2023-46847 | Classic Buffer Overflow vulnerability in multiple products Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | 7.5 |
| 2023-10-25 | CVE-2023-5367 | Out-of-bounds Write vulnerability in multiple products A out-of-bounds write flaw was found in the xorg-x11-server. | 7.8 |
| 2023-08-23 | CVE-2023-3899 | Incorrect Authorization vulnerability in multiple products A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. | 7.8 |
| 2023-03-06 | CVE-2019-8720 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A vulnerability was found in WebKit. | 8.8 |
| 2023-02-01 | CVE-2022-4254 | LDAP Injection vulnerability in multiple products sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters | 8.8 |
| 2022-09-29 | CVE-2014-0144 | Improper Input Validation vulnerability in multiple products QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | 8.6 |
| 2022-09-01 | CVE-2022-2738 | Use After Free vulnerability in multiple products The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. | 7.5 |