Vulnerabilities > Redhat > Enterprise Linux > 8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-42669 | A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. | 6.5 |
| 2023-11-03 | CVE-2023-5088 | Improper Synchronization vulnerability in multiple products A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). | 7.0 |
| 2023-11-03 | CVE-2023-3961 | Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. | 9.8 |
| 2023-11-03 | CVE-2023-1476 | Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. | 7.0 |
| 2023-11-03 | CVE-2023-46846 | HTTP Request Smuggling vulnerability in multiple products SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | 5.3 |
| 2023-11-03 | CVE-2023-46847 | Classic Buffer Overflow vulnerability in multiple products Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | 7.5 |
| 2023-11-03 | CVE-2023-4091 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". | 6.5 |
| 2023-11-03 | CVE-2023-5824 | Improper Handling of Exceptional Conditions vulnerability in multiple products Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. | 7.5 |
| 2023-11-02 | CVE-2023-38473 | Reachable Assertion vulnerability in multiple products A vulnerability was found in Avahi. | 5.5 |
| 2023-11-02 | CVE-2023-38469 | Reachable Assertion vulnerability in multiple products A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. | 5.5 |