Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2024-01-02 CVE-2023-6693 Out-of-bounds Write vulnerability in multiple products
A stack based buffer overflow was found in the virtio-net device of QEMU.
local
low complexity
qemu redhat fedoraproject CWE-787
5.3
2023-12-27 CVE-2023-3171 Allocation of Resources Without Limits or Throttling vulnerability in Redhat Jboss Enterprise Application Platform 7.4
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed.
network
low complexity
redhat CWE-770
7.5
2023-12-27 CVE-2023-4641 Improper Authentication vulnerability in multiple products
A flaw was found in shadow-utils.
local
low complexity
shadow-maint redhat CWE-287
5.5
2023-12-24 CVE-2023-51767 OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit.
local
high complexity
openbsd fedoraproject redhat
7.0
2023-12-24 CVE-2023-51765 Insufficient Verification of Data Authenticity vulnerability in multiple products
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
network
low complexity
sendmail freebsd redhat CWE-345
5.3
2023-12-24 CVE-2023-51764 Insufficient Verification of Data Authenticity vulnerability in multiple products
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions).
network
low complexity
postfix fedoraproject redhat CWE-345
5.3
2023-12-21 CVE-2023-6546 Race Condition vulnerability in multiple products
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel.
local
high complexity
linux fedoraproject redhat CWE-362
7.0
2023-12-21 CVE-2023-2585 Unspecified vulnerability in Redhat products
Keycloak's device authorization grant does not correctly validate the device code and client ID.
network
low complexity
redhat
8.1
2023-12-19 CVE-2023-6918 Unchecked Return Value vulnerability in multiple products
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends.
network
low complexity
libssh redhat fedoraproject CWE-252
5.3
2023-12-18 CVE-2023-6927 Open Redirect vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak.
network
low complexity
redhat CWE-601
6.1