Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2022-1415 Deserialization of Untrusted Data vulnerability in Redhat products
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data.
network
low complexity
redhat CWE-502
8.8
8.8
2023-08-28 CVE-2023-4569 Memory Leak vulnerability in multiple products
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel.
local
low complexity
linux redhat debian CWE-401
5.5
5.5
2023-08-25 CVE-2023-38201 A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration.
low complexity
keylime redhat fedoraproject
6.5
6.5
2023-08-23 CVE-2023-4042 Out-of-bounds Write vulnerability in multiple products
A flaw was found in ghostscript.
local
low complexity
artifex redhat CWE-787
5.5
5.5
2023-08-23 CVE-2023-3899 Incorrect Authorization vulnerability in multiple products
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization.
local
low complexity
redhat fedoraproject CWE-863
7.8
7.8
2023-08-21 CVE-2023-4459 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel.
local
low complexity
linux redhat CWE-476
5.5
5.5
2023-08-21 CVE-2023-4456 Unspecified vulnerability in Redhat Openshift Logging
A flaw was found in openshift-logging LokiStack.
network
low complexity
redhat
6.5
6.5
2023-08-16 CVE-2023-4387 Use After Free vulnerability in multiple products
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel.
local
low complexity
linux redhat CWE-416
7.1
7.1
2023-08-11 CVE-2023-39417 SQL Injection vulnerability in multiple products
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or "").
network
low complexity
postgresql redhat debian CWE-89
8.8
8.8
2023-08-11 CVE-2023-39418 Insufficient Granularity of Access Control vulnerability in multiple products
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT.
network
low complexity
postgresql redhat debian CWE-1220
4.3
4.3