Vulnerability Executive Report 2024-02-13

Uploaded by

shubhamage1

Prepared 13 Feb 2024 05:01 UTC

Red Hat Insights

Executive report: Vulnerability


Report generated 13 Feb 2024 05:01 UTC

This report is an executive summary of vulnerabilities with advisories that may impact your Red Hat Enterprise Linux servers.

The vulnerability service is analyzing 1 RHEL system and has identified 106 CVEs and 1 security rule that impact 1 or more
of these systems.

Analyzed RHEL systems: 1
Identified CVEs: 106
Identified security rules: 1


CVEs
Identified CVEs by CVSS score

CVSS score range    Number of CVEs       Known exploits
8.0 - 10.0          19 (18% of total)    1
4.0 - 7.9           84 (79% of total)    0
0.0 - 3.9           3 (3% of total)      0

Recently published CVEs identified on systems

Last 7 days     Last 30 days    Last 90 days
0               18              40

Top 3 vulnerabilities in your infrastructure

CVE-2023-5178

CVSS score: 9.8
Systems: 1

A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in
`nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the
Linux kernel. This issue may allow a malicious user to cause a use-after-free and
double-free problem, which may permit remote code execution or lead to local
privilege escalation.

CVE-2023-5730

CVSS score: 9.8
Systems: 1

The Mozilla Foundation Security Advisory describes this flaw as:
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird
115.3. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2023-3961

CVSS score: 9.1
Systems: 1

A path traversal vulnerability was identified in Samba when processing client
pipe names connecting to Unix domain sockets within a private directory. Samba
typically uses this mechanism to connect SMB clients to remote procedure call (RPC)
services like SAMR, LSA or SPOOLSS, which Samba initiates on demand. However,
due to inadequate sanitization of incoming client pipe names, allowing a client...


Insights Security Rules


Security rules affecting systems

Severity     Num. security rules    Num. affected systems
Critical     0                      0
Important    1                      1
Moderate     0                      0
Low          0                      0

Top 3 security rules in your infrastructure

"MDS": CPU side-channel reported by kernel

Severity: Important
Systems: 1

The kernel reports this system is vulnerable.

Associated CVEs: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
