Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-3961 Path Traversal vulnerability in multiple products
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory.
network
low complexity
samba redhat fedoraproject CWE-22
critical
9.8
2023-11-03 CVE-2023-1476 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code.
local
high complexity
linux redhat CWE-416
7.0
2023-11-03 CVE-2023-46846 HTTP Request Smuggling vulnerability in multiple products
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
network
low complexity
squid-cache redhat CWE-444
5.3
2023-11-03 CVE-2023-46847 Classic Buffer Overflow vulnerability in multiple products
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
network
low complexity
squid-cache redhat CWE-120
7.5
2023-11-03 CVE-2023-46848 Incorrect Conversion between Numeric Types vulnerability in multiple products
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
network
low complexity
squid-cache redhat CWE-681
7.5
2023-11-03 CVE-2023-4091 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes".
network
low complexity
samba fedoraproject redhat CWE-276
6.5
2023-11-03 CVE-2023-5824 Improper Handling of Exceptional Conditions vulnerability in multiple products
A flaw was found in Squid.
network
low complexity
squid-cache redhat CWE-755
7.5
2023-11-02 CVE-2022-4900 Out-of-bounds Write vulnerability in multiple products
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
local
low complexity
php redhat CWE-787
5.5
2023-11-02 CVE-2023-38473 Reachable Assertion vulnerability in multiple products
A vulnerability was found in Avahi.
local
low complexity
avahi redhat CWE-617
5.5
2023-11-02 CVE-2023-38469 Reachable Assertion vulnerability in multiple products
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
local
low complexity
avahi redhat CWE-617
5.5