Latest Red Hat Enterprise Linux Vulnerabilities

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Ph...
W1.fi Wpa Supplicant<2.10
Google Android
Google Chrome OS
Linux Linux kernel
Debian Debian Linux=10.0
Fedoraproject Fedora=39
and 2 more
Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2022
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2022, 23H2 Edition
Microsoft Windows Server 2022
and 54 more
Shim: out of bounds read when parsing mz binaries
redhat/shim<15.8
<15.8
=39
=8.0
=9.0
Shim: out-of-bound read in verify_buffer_sbat()
<15.8
=39
=8.0
=9.0
Kernel: use-after-free while changing the mount option in __ext4_remount leading
Linux Linux kernel<6.4
Linux Linux kernel=6.4-rc1
Redhat Enterprise Linux=9.0
redhat/Kernel<6.4
ubuntu/linux<4.15.0-223.235
ubuntu/linux<6.4~
and 75 more
Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration
redhat/ansible<2.14.4
redhat/ansible<2.15.9
redhat/ansible<2.16.3
Redhat Ansible<2.14.4
Redhat Ansible>=2.15.0<2.15.9
Redhat Ansible>=2.16.0<2.16.3
and 12 more
Kernel: potential deadlock on &net->sctp.addr_wq_lock leading to dos
Linux Linux kernel<=6.4.16
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/Kernel<6.5
ubuntu/linux<4.15.0-224.236
ubuntu/linux<6.5~
and 70 more
Kernel: deadlock leading to denial of service in tipc_crypto_key_revoke
Linux Linux kernel<6.6
Linux Linux kernel=6.6-rc1
Linux Linux kernel=6.6-rc2
Linux Linux kernel=6.6-rc3
Linux Linux kernel=6.6-rc4
Redhat Enterprise Linux=8.0
and 95 more
Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
Linux Linux kernel<6.7
Linux Linux kernel=6.7-rc1
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/kernel<6.7
and 121 more
Kernel: max page sharing of kernel samepage merging (ksm) may cause memory deduplication
Linux Linux kernel>=4.4.0-96.119<=5.15.0-58
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c
redhat/kernel<6.0
Linux Linux kernel<6.0
Linux Linux kernel=6.0-rc1
Linux Linux kernel=6.0-rc2
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Gnutls: incomplete fix for cve-2023-5981
ubuntu/gnutls28<3.8.3-1
ubuntu/gnutls28<3.6.13-2ubuntu1.10
ubuntu/gnutls28<3.7.3-4ubuntu1.4
ubuntu/gnutls28<3.7.8-5ubuntu1.2
ubuntu/gnutls28<3.8.1-4ubuntu1.2
Gnu Gnutls<3.8.3
and 5 more
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Relax-and-recover Relax-and-recover<=2.7
SUSE Linux Enterprise=15.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.
Linux Linux kernel>=6.2<6.4
Linux Linux kernel=6.4-rc1
Linux Linux kernel=6.4-rc2
Linux Linux kernel=6.4-rc3
Linux Linux kernel=6.4-rc4
Linux Linux kernel=6.4-rc5
and 4 more
Xorg-x11-server: selinux context corruption
redhat/xorg-server<21.1.11
redhat/xwayland<23.2.4
Tigervnc Tigervnc<1.13.1
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
Fedoraproject Fedora=39
and 23 more
Xorg-x11-server: selinux unlabeled glx pbuffer
redhat/xorg-server<21.1.11
redhat/xwayland<23.2.4
Tigervnc Tigervnc<1.13.1
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
Fedoraproject Fedora=39
and 24 more
Grub2: grub2-set-bootflag can be abused by local (pseudo-)users
=8.0
=9.0
=40
Packagekitd: use-after-free in idle function callback
redhat/PackageKit<1.2.7
Packagekit Project Packagekit<1.2.7
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function
Linux Linux kernel
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Kernel: refcount leak in ctnetlink_create_conntrack()
Linux Linux kernel<6.3
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/Kernel<6.3
ubuntu/linux<4.15.0-222.233
ubuntu/linux<5.4.0-152.169
and 108 more
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist...
Openbsd Openssh
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u2<=1:9.6p1-4<=1:9.7p1-4
Description: By exploiting interpretation differences of the SMTP protocol, it is possible to smuggle/send spoofed e-mails - hence SMTP smuggling - while still passing SPF alignment checks. During this...
<8.18.0.2
<11.0
=8.0
=9.0
redhat/sendmail<8.18.0.2
Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation
Linux Linux kernel
Redhat Enterprise Linux=9.0
ubuntu/linux<5.15.0-92.102
ubuntu/linux<6.5.0-15.15
ubuntu/linux-aws<5.15.0-1052.57
ubuntu/linux-aws<6.5.0-1012.12
and 41 more
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in rec...
debian/postfix<=3.8.2-1<=3.4.23-0+deb10u1<=3.7.6-0+deb12u2<=3.5.18-0+deb11u1
Postfix Postfix<3.5.23
Postfix Postfix>=3.6.0<3.6.13
Postfix Postfix>=3.7.0<3.7.9
Postfix Postfix>=3.8.0<3.8.4
Fedoraproject Fedora=38
and 15 more
Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability
Linux Linux kernel<6.5
Linux Linux kernel=6.5-rc1
Linux Linux kernel=6.5-rc2
Linux Linux kernel=6.5-rc3
Linux Linux kernel=6.5-rc4
Linux Linux kernel=6.5-rc5
and 6 more
Libssh: missing checks for return values for digests
Libssh Libssh>=0.9.0<0.9.8
Libssh Libssh>=0.10.0<0.10.6
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
and 10 more
Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c
Linux Linux kernel<6.7
Linux Linux kernel=6.7-rc7
Linux Linux kernel=6.7-rc8
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
debian/linux<=4.19.249-2<=4.19.304-1<=5.10.205-2
and 72 more
Qemu: vnc: null pointer dereference in qemu_clipboard_request()
QEMU qemu
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
QEMU qemu<8.2.1
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659
Redhat Ansible Automation Platform=2.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Update Infrastructure=4
Python-cryptography Project Python-cryptography<42.0.0
pip/cryptography<42.0.0
and 8 more
M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657
pip/m2crypto<=0.40.1
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Update Infrastructure=4
M2crypto Project M2crypto
Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
pip/paramiko>=2.5.0<3.4.0
go/golang.org/x/crypto<0.17.0
rust/russh<0.40.2
Openbsd Openssh<9.6
Putty Putty<0.80
Filezilla-project Filezilla Client<3.66.4
and 119 more
Kernel: null pointer dereference in nvmet_tcp_build_iovec
=8.6
=9.2
=8.6_ppc64le
=9.2_ppc64le
=8.6_aarch64
and 21 more
Kernel: null pointer dereference in nvmet_tcp_execute_request
=8.6
=9.2
=8.6_ppc64le
=9.2_ppc64le
=8.6_aarch64
and 21 more
Cri-o: pods are able to break out of resource confinement on cgroupv2
go/github.com/cri-o/cri-o<1.27.3
go/github.com/cri-o/cri-o>=1.28.0<1.28.3
go/github.com/cri-o/cri-o=1.29.0
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.13
Redhat Openshift Container Platform=4.14
and 4 more
Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
Linux Linux kernel
Fedoraproject Fedora=38
Redhat Enterprise Linux=9.0
High Fixes for in Linux Kernel
Linux Linux kernel<6.7
Linux Linux kernel=6.7-rc1
Linux Linux kernel=6.7-rc2
Linux Linux kernel=6.7-rc3
Linux Linux kernel=6.7-rc4
Redhat Enterprise Linux=8.0
and 63 more
Kernel: null pointer dereference vulnerability in nft_dynset_init()
Linux Linux kernel<=6.6
Linux Linux kernel=6.7-rc1
Linux Linux kernel=6.7-rc2
Linux Linux kernel=6.7-rc3
Linux Linux kernel=6.7-rc4
Redhat Enterprise Linux=8.0
and 42 more
Kernel: oob access in smb2_dump_detail
Linux Linux kernel
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
ubuntu/linux<6.5.0-27.28
ubuntu/linux<6.7~
ubuntu/linux-aws<6.5.0-1017.17
and 72 more
Kernel: out-of-bounds read vulnerability in smbcalcsize
Linux Linux kernel
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
ubuntu/linux<4.15.0-221.232
ubuntu/linux<5.4.0-170.188
ubuntu/linux<5.15.0-92.102
and 78 more
Keycloak: offline session token dos
Redhat Keycloak<21.0.0
Redhat Single Sign-on=7.6
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Single Sign-on
and 11 more
Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
redhat/xorg-server<21.1.10
redhat/xwayland<23.2.3
ubuntu/xorg-server<2:1.18.4-0ubuntu0.12+
ubuntu/xorg-server<2:1.19.6-1ubuntu4.15+
ubuntu/xorg-server<21.1.10
ubuntu/xorg-server<2:1.20.13-1ubuntu1~20.04.12
and 26 more
Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions
Redhat Enterprise Linux Eus=9.2
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
X.Org X Server<21.1.10
Redhat Enterprise Linux=6.0
and 26 more
Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf
Linux Linux kernel<6.7
Linux Linux kernel=6.7-rc1
Linux Linux kernel=6.7-rc2
Linux Linux kernel=6.7-rc3
Linux Linux kernel=6.7-rc4
Redhat Enterprise Linux=9.0
and 17 more
Keycloak: redirect_uri validation bypass
maven/org.keycloak:keycloak-services<23.0.3
Redhat Keycloak<22.0.7
Redhat Single Sign-on
Redhat Openshift Container Platform=4.11
Redhat Openshift Container Platform=4.12
Redhat Openshift Container Platform For Ibm Z=4.9
and 12 more
Libtiff: segmentation fault in libtiff in tiffreadrgbatileext() leading to denial of service
Libtiff Libtiff
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
ubuntu/tiff<4.3.0-6ubuntu0.8
ubuntu/tiff<4.0.9-5ubuntu0.10+
ubuntu/tiff<4.1.0+
and 7 more
Libtiff: tiffrasterscanlinesize64 produces too-big size and could cause oom
Libtiff Libtiff<2023-11-11
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Libtiff: out-of-memory in tiffopen via a crafted file
Libtiff Libtiff
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=38
and 8 more
Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
Libssh Libssh>=0.8.0<0.9.8
Libssh Libssh>=0.10.0<0.10.6
Fedoraproject Fedora=38
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/libssh<0.9.8
and 9 more
Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation
Linux Linux kernel
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0

© 2024 SecAlerts Pty Ltd.