Vulnerabilities > Redhat > Enterprise Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-09 CVE-2023-5546 Cross-site Scripting vulnerability in multiple products
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
network
low complexity
moodle redhat fedoraproject CWE-79
5.4
2023-11-09 CVE-2023-5547 Cross-site Scripting vulnerability in multiple products
The course upload preview contained an XSS risk for users uploading unsafe data.
network
low complexity
moodle redhat fedoraproject CWE-79
6.1
2023-11-06 CVE-2023-40660 Improper Authentication vulnerability in multiple products
A flaw was found in OpenSC packages that allow a potential PIN bypass.
low complexity
opensc-project redhat CWE-287
6.6
2023-11-06 CVE-2023-40661 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards.
low complexity
opensc-project redhat CWE-119
6.4
2023-11-06 CVE-2023-5090 Improper Handling of Exceptional Conditions vulnerability in multiple products
A flaw was found in KVM.
local
low complexity
linux redhat CWE-755
5.5
2023-11-06 CVE-2023-42669 A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements.
network
low complexity
samba redhat
6.5
2023-11-03 CVE-2023-46846 HTTP Request Smuggling vulnerability in multiple products
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
network
low complexity
squid-cache redhat CWE-444
5.3
2023-11-03 CVE-2023-4091 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes".
network
low complexity
samba fedoraproject redhat CWE-276
6.5
2023-11-02 CVE-2022-4900 Out-of-bounds Write vulnerability in multiple products
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
local
low complexity
php redhat CWE-787
5.5
2023-11-02 CVE-2023-38473 Reachable Assertion vulnerability in multiple products
A vulnerability was found in Avahi.
local
low complexity
avahi redhat CWE-617
5.5