Vulnerabilities > Redhat > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-27 CVE-2023-4641 Improper Authentication vulnerability in multiple products
A flaw was found in shadow-utils.
local
low complexity
shadow-maint redhat CWE-287
5.5
2023-12-24 CVE-2023-51765 Insufficient Verification of Data Authenticity vulnerability in multiple products
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
network
low complexity
sendmail freebsd redhat CWE-345
5.3
2023-12-24 CVE-2023-51764 Insufficient Verification of Data Authenticity vulnerability in multiple products
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions).
network
low complexity
postfix fedoraproject redhat CWE-345
5.3
2023-12-19 CVE-2023-6918 Unchecked Return Value vulnerability in multiple products
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends.
network
low complexity
libssh redhat fedoraproject CWE-252
5.3
2023-12-18 CVE-2023-6927 Open Redirect vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak.
network
low complexity
redhat CWE-601
6.1
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2023-12-18 CVE-2023-3628 A flaw was found in Infinispan's REST.
network
low complexity
redhat infinispan
6.5
2023-12-18 CVE-2023-3629 A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation.
network
low complexity
redhat infinispan
6.5
2023-12-18 CVE-2023-5056 Missing Authorization vulnerability in Redhat Service Interconnect 1.0
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster.
low complexity
redhat CWE-862
4.1
2023-12-18 CVE-2023-5115 Absolute Path Traversal vulnerability in multiple products
An absolute path traversal attack exists in the Ansible automation platform.
network
low complexity
redhat debian CWE-36
6.3