Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2023-11-06 CVE-2023-5090 Improper Handling of Exceptional Conditions vulnerability in multiple products
A flaw was found in KVM.
local
low complexity
linux redhat CWE-755
5.5
2023-11-06 CVE-2023-42669 A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements.
network
low complexity
samba redhat
6.5
2023-11-03 CVE-2023-5088 Improper Synchronization vulnerability in multiple products
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code).
local
high complexity
qemu redhat CWE-662
7.0
2023-11-03 CVE-2023-3961 Path Traversal vulnerability in multiple products
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory.
network
low complexity
samba redhat fedoraproject CWE-22
critical
9.8
2023-11-03 CVE-2023-1476 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code.
local
high complexity
linux redhat CWE-416
7.0
2023-11-03 CVE-2023-46846 HTTP Request Smuggling vulnerability in multiple products
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
network
low complexity
squid-cache redhat CWE-444
5.3
2023-11-03 CVE-2023-46847 Classic Buffer Overflow vulnerability in multiple products
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
network
low complexity
squid-cache redhat CWE-120
7.5
2023-11-03 CVE-2023-46848 Incorrect Conversion between Numeric Types vulnerability in multiple products
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
network
low complexity
squid-cache redhat CWE-681
7.5
2023-11-03 CVE-2023-4091 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes".
network
low complexity
samba fedoraproject redhat CWE-276
6.5
2023-11-03 CVE-2023-5824 Improper Handling of Exceptional Conditions vulnerability in multiple products
A flaw was found in Squid.
network
low complexity
squid-cache redhat CWE-755
7.5