Vulnerability Executive Report 2024-02-13


Prepared 13 Feb 2024 05:01 UTC

Red Hat Insights

Executive report: Vulnerability


Report generated 13 Feb 2024 05:01 UTC

This report is an executive summary of vulnerabilities with advisories that may impact your Red Hat Enterprise Linux servers.

The vulnerability service is analyzing 1 RHEL system and has identified 106 CVEs and 1 security rule that impact 1 or more
of these systems.

Analyzed RHEL system: 1
Identified CVEs: 106
Identified security rule: 1

1 of 3 redhat.com

CVEs
Identified CVEs by CVSS score

CVSS score range    Number of CVEs       Known exploits
8.0 - 10.0          19 (18% of total)    1
4.0 - 7.9           84 (79% of total)    0
0.0 - 3.9           3 (3% of total)      0

Recently published CVEs identified on systems

Last 7 days    Last 30 days    Last 90 days
0              18              40

Top 3 vulnerabilities in your infrastructure

CVE-2023-5178

CVSS score: 9.8
Systems: 1

A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in
`nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the
Linux kernel. This issue may allow a malicious user to cause a use-after-free and
double-free problem, which may permit remote code execution or lead to local
privilege escalation.

CVE-2023-5730

CVSS score: 9.8
Systems: 1

The Mozilla Foundation Security Advisory describes this flaw as:

Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird
115.3. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2023-3961

CVSS score: 9.1
Systems: 1

A path traversal vulnerability was identified in Samba when processing client
pipe names connecting to Unix domain sockets within a private directory. Samba
typically uses this mechanism to connect SMB clients to remote procedure call (RPC)
services like SAMR, LSA or SPOOLSS, which Samba initiates on demand. However,
due to inadequate sanitization of incoming client pipe names, allowing a client...


Insights Security Rules


Security rules affecting systems

Severity     Num. security rules    Num. affected systems
Critical     0                      0
Important    1                      1
Moderate     0                      0
Low          0                      0

Top 3 security rules in your infrastructure

"MDS": CPU side-channel reported by kernel

Severity: Important
Systems: 1

The kernel reports this system is vulnerable.

Associated CVEs: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
