Enterprise Linux Update Services For Sap Solutions
by Red Hat
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5869 | 0.00 | — | 0.04 | Dec 10, 2023 | A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the… | |||
| CVE-2023-5824 | 0.00 | — | 0.05 | Nov 3, 2023 | A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is… | |||
| CVE-2023-3972 | 0.00 | — | 0.00 | Nov 1, 2023 | A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an… | |||
| CVE-2023-5367 | 0.00 | — | 0.01 | Oct 25, 2023 | A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in… | |||
| CVE-2023-5557 | 0.00 | — | 0.01 | Oct 13, 2023 | A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. | |||
| CVE-2023-5157 | 0.00 | — | 0.02 | Sep 26, 2023 | A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | |||
| CVE-2023-42753 | 0.00 | — | 0.01 | Sep 25, 2023 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This… | |||
| CVE-2023-3899 | 0.00 | — | 0.00 | Aug 23, 2023 | A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the… | |||
| CVE-2023-4459 | 0.00 | — | 0.00 | Aug 21, 2023 | A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing… | |||
| CVE-2023-39417 | 0.00 | — | 0.02 | Aug 11, 2023 | IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension,… | |||
| CVE-2023-4004 | 0.00 | — | 0.01 | Jul 31, 2023 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the… | |||
| CVE-2023-3812 | 0.00 | — | 0.00 | Jul 24, 2023 | An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges… |
- CVE-2023-5869Dec 10, 2023risk 0.00cvss —epss 0.04
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the…
- CVE-2023-5824Nov 3, 2023risk 0.00cvss —epss 0.05
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is…
- CVE-2023-3972Nov 1, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an…
- CVE-2023-5367Oct 25, 2023risk 0.00cvss —epss 0.01
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in…
- CVE-2023-5557Oct 13, 2023risk 0.00cvss —epss 0.01
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.
- CVE-2023-5157Sep 26, 2023risk 0.00cvss —epss 0.02
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
- CVE-2023-42753Sep 25, 2023risk 0.00cvss —epss 0.01
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This…
- CVE-2023-3899Aug 23, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the…
- CVE-2023-4459Aug 21, 2023risk 0.00cvss —epss 0.00
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing…
- CVE-2023-39417Aug 11, 2023risk 0.00cvss —epss 0.02
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension,…
- CVE-2023-4004Jul 31, 2023risk 0.00cvss —epss 0.01
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the…
- CVE-2023-3812Jul 24, 2023risk 0.00cvss —epss 0.00
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges…
Page 2 of 2