Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-4910 | Exposure of Resource to Wrong Sphere vulnerability in Redhat 3Scale API Management 2.0 A flaw was found In 3Scale Admin Portal. | 5.5 |
| 2023-11-06 | CVE-2023-5090 | Improper Handling of Exceptional Conditions vulnerability in multiple products A flaw was found in KVM. | 5.5 |
| 2023-11-06 | CVE-2023-42669 | A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. | 6.5 |
| 2023-11-03 | CVE-2023-5088 | Improper Synchronization vulnerability in multiple products A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). | 7.0 |
| 2023-11-03 | CVE-2023-3961 | Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. | 9.8 |
| 2023-11-03 | CVE-2023-1476 | Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. | 7.0 |
| 2023-11-03 | CVE-2023-46846 | HTTP Request Smuggling vulnerability in multiple products SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | 5.3 |
| 2023-11-03 | CVE-2023-46847 | Classic Buffer Overflow vulnerability in multiple products Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | 7.5 |
| 2023-11-03 | CVE-2023-46848 | Incorrect Conversion between Numeric Types vulnerability in multiple products Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. | 7.5 |
| 2023-11-03 | CVE-2023-4091 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". | 6.5 |