Vulnerabilities > Redhat > Enterprise Linux > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2023-39417 SQL Injection vulnerability in multiple products
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or "").
network
low complexity
postgresql redhat debian CWE-89
8.8
2023-08-10 CVE-2023-4128 Use After Free vulnerability in multiple products
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel.
local
low complexity
linux redhat fedoraproject CWE-416
7.8
2023-08-07 CVE-2023-4147 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID.
local
low complexity
linux fedoraproject redhat debian CWE-416
7.8
2023-07-31 CVE-2023-4004 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END.
7.8
2023-07-24 CVE-2023-38200 Excessive Iteration vulnerability in multiple products
A flaw was found in Keylime.
network
low complexity
keylime redhat fedoraproject CWE-834
7.5
2023-07-24 CVE-2023-3567 Use After Free vulnerability in multiple products
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel.
local
low complexity
linux redhat canonical CWE-416
7.1
2023-07-24 CVE-2023-3640 Information Exposure Through Discrepancy vulnerability in multiple products
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data.
local
low complexity
linux redhat CWE-203
7.8
2023-07-24 CVE-2023-3812 Use After Free vulnerability in multiple products
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled.
local
low complexity
linux redhat CWE-416
7.8
2023-07-20 CVE-2023-34966 Infinite Loop vulnerability in multiple products
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight.
network
low complexity
samba fedoraproject redhat debian CWE-835
7.5
2023-07-11 CVE-2023-3354 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in the QEMU built-in VNC server.
network
low complexity
qemu redhat fedoraproject CWE-476
7.5