Product:

Enterprise_linux

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/Perl/perl5
https://github.com/ceph/ceph
https://github.com/ClusterLabs/pcs
https://github.com/mjg59/linux
#Vulnerabilities 1656
Date Id Summary Products Score Patch Annotated
2023-10-25 CVE-2023-5380 A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. Debian_linux, Fedora, Enterprise_linux, X_server, Xwayland 4.7
2023-10-25 CVE-2023-5574 A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. Enterprise_linux, X_server 7.0
2023-11-01 CVE-2023-3972 A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an... Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_update_services_for_sap_solutions, Insights\-Client 7.8
2023-11-01 CVE-2023-5178 A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. Linux_kernel, Active_iq_unified_manager, Solidfire_\&_hci_management_node, Solidfire_\&_hci_storage_node, Enterprise_linux 8.8
2023-11-01 CVE-2023-1192 A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service. Linux_kernel, Enterprise_linux 6.5
2023-11-02 CVE-2023-3164 A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. Libtiff, Enterprise_linux 5.5
2023-11-02 CVE-2023-38469 A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Avahi, Enterprise_linux 5.5
2023-11-02 CVE-2023-38470 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. Avahi, Enterprise_linux 5.5
2023-11-02 CVE-2023-38471 A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. Avahi, Enterprise_linux 5.5
2023-11-02 CVE-2023-38472 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. Avahi, Enterprise_linux 5.5