Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-08 CVE-2023-6610 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel.
local
low complexity
linux redhat CWE-125
7.1
2023-11-03 CVE-2023-5088 Improper Synchronization vulnerability in multiple products
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code).
local
high complexity
qemu redhat CWE-662
7.0
2023-11-03 CVE-2023-1476 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code.
local
high complexity
linux redhat CWE-416
7.0
2023-11-03 CVE-2023-46847 Classic Buffer Overflow vulnerability in multiple products
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
network
low complexity
squid-cache redhat CWE-120
7.5
2023-11-03 CVE-2023-46848 Incorrect Conversion between Numeric Types vulnerability in multiple products
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
network
low complexity
squid-cache redhat CWE-681
7.5
2023-11-03 CVE-2023-5824 Improper Handling of Exceptional Conditions vulnerability in multiple products
A flaw was found in Squid.
network
low complexity
squid-cache redhat CWE-755
7.5
2023-11-02 CVE-2023-5408 Unspecified vulnerability in Redhat Openshift Container Platform
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift.
network
low complexity
redhat
7.2
2023-11-01 CVE-2023-5178 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel.
network
low complexity
linux redhat netapp CWE-416
8.8
2023-11-01 CVE-2023-3972 Exposure of Resource to Wrong Sphere vulnerability in Redhat products
A vulnerability was found in insights-client.
local
low complexity
redhat CWE-668
7.8
2023-11-01 CVE-2023-5625 Resource Exhaustion vulnerability in Redhat products
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.
network
low complexity
redhat CWE-400
7.5