U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 822 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2023-3773

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

Published: July 25, 2023; 12:15:11 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2023-3772

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.

Published: July 25, 2023; 12:15:11 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2023-3812

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Published: July 24, 2023; 12:15:13 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-3640

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.

Published: July 24, 2023; 12:15:13 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-3567

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

Published: July 24, 2023; 12:15:12 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2023-33952

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.

Published: July 24, 2023; 12:15:11 PM -0400
V3.1: 6.7 MEDIUM
V2.0:(not available)
CVE-2023-33951

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.

Published: July 24, 2023; 12:15:11 PM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

Published: July 20, 2023; 11:15:11 AM -0400
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2023-34968

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.

Published: July 20, 2023; 11:15:11 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.

Published: July 20, 2023; 11:15:11 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-34966

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Published: July 20, 2023; 11:15:11 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-2127

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

Published: July 20, 2023; 11:15:11 AM -0400
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2023-3618

A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

Published: July 12, 2023; 11:15:09 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-3269

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.

Published: July 11, 2023; 8:15:10 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-1672

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

Published: July 11, 2023; 8:15:09 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-1183

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

Published: July 10, 2023; 12:15:48 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-4361

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.

Published: July 07, 2023; 4:15:09 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

Published: July 05, 2023; 9:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-1206

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.

Published: June 30, 2023; 6:15:09 PM -0400
V3.1: 5.7 MEDIUM
V2.0:(not available)
CVE-2023-3138

A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.

Published: June 28, 2023; 5:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)