CVE-2023-4066 – Operator: passwords defined in secrets shown in statefulset yaml
https://notcve.org/view.php?id=CVE-2023-4066
A flaw was found in Red Hat AMQ Broker. Certain passwords are stored in the secret security-properties-prop-module, defined in the ActivemqArtemisSecurity CR; however, the operator renders them in plaintext in the StatefulSet details YAML of AMQ Broker, so anyone who can read the StatefulSet object obtains the passwords without needing read access to the Secret itself. • https://access.redhat.com/errata/RHSA-2023:4720 https://access.redhat.com/security/cve/CVE-2023-4066 https://bugzilla.redhat.com/show_bug.cgi?id=2224677 • CWE-312: Cleartext Storage of Sensitive Information CWE-313: Cleartext Storage in a File or on Disk •
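The practical check for this class of flaw (CWE-312 in a rendered workload object) is to inspect the StatefulSet as the cluster actually stores it, not the CR you wrote, and look for credential values that ended up inlined. The script below is an added example, not code from the AMQ Broker operator; the page does not detail which field the operator rendered, so the example covers the common case of credential-like container env vars carrying a literal `value` instead of a `valueFrom.secretKeyRef`. It reads the JSON form that `kubectl get statefulset <name> -o json` returns; the sample object, container and variable names are constructed for the example.

```python
"""Flag credential-looking env vars that are inlined in a StatefulSet.

Added example (not operator code). Input is the JSON form of a Kubernetes
object with a pod template; the sample below is constructed and hypothetical.
"""
from __future__ import annotations

import json
import re

# Env var names that usually carry credentials. Extend for your environment.
SENSITIVE_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY)", re.IGNORECASE)


def find_plaintext_credentials(obj: dict) -> list[dict]:
    """Return one finding per sensitive-looking env var that is not a secretKeyRef."""
    findings = []
    pod_spec = obj.get("spec", {}).get("template", {}).get("spec", {})
    for kind in ("initContainers", "containers"):
        for container in pod_spec.get(kind, []):
            for env in container.get("env", []):
                name = env.get("name", "")
                if not SENSITIVE_NAME.search(name):
                    continue
                if "value" in env:
                    # The literal is stored in the object: readable by anyone
                    # with get/list on statefulsets, regardless of Secret RBAC.
                    findings.append({"container": container.get("name"),
                                     "env": name,
                                     "reason": "literal value in manifest"})
                elif "secretKeyRef" not in env.get("valueFrom", {}):
                    # configMapKeyRef / fieldRef are also plaintext-visible.
                    findings.append({"container": container.get("name"),
                                     "env": name,
                                     "reason": "valueFrom is not a secretKeyRef"})
    return findings


# Constructed sample: one inlined password, one via ConfigMap, one done right.
SAMPLE_STATEFULSET = json.loads("""
{
  "kind": "StatefulSet",
  "metadata": {"name": "broker-ss"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "broker",
     "env": [
       {"name": "AMQ_USER", "value": "admin"},
       {"name": "AMQ_PASSWORD", "value": "hunter2"},
       {"name": "JAAS_PASSWORD",
        "valueFrom": {"secretKeyRef": {"name": "broker-jaas", "key": "password"}}},
       {"name": "KEYSTORE_PASSWORD",
        "valueFrom": {"configMapKeyRef": {"name": "broker-cfg", "key": "ks"}}}
     ]}
  ]}}}
}
""")

if __name__ == "__main__":
    for f in find_plaintext_credentials(SAMPLE_STATEFULSET):
        print(f"{f['container']}: {f['env']} -> {f['reason']}")
```

Run it against `kubectl get statefulset -o json` output piped through `json.load`; on the sample it reports AMQ_PASSWORD (literal) and KEYSTORE_PASSWORD (ConfigMap reference), and accepts JAAS_PASSWORD because it comes from a Secret.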
CVE-2023-4042 – Ghostscript: incomplete fix for CVE-2020-16305
https://notcve.org/view.php?id=CVE-2023-4042
A flaw was found in Ghostscript. The fix for CVE-2020-16305 was not included in the RHSA-2021:1852-06 advisory, although that advisory claimed to ship it. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. • https://access.redhat.com/errata/RHSA-2023:7053 https://access.redhat.com/security/cve/CVE-2023-4042 https://bugzilla.redhat.com/show_bug.cgi?id=1870257 https://bugzilla.redhat.com/show_bug.cgi?id=2228151 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2023-3899 – Subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration
https://notcve.org/view.php?id=CVE-2023-3899
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes to all local users a significant number of methods that can change the state of the registration. Using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the registration state, for example by unregistering the system or changing the current entitlements. Because the method accepts arbitrary configuration directives for /etc/rhsm/rhsm.conf, the flaw can be abused to escalate to an unconfined root. • https://access.redhat.com/errata/RHSA-2023:4701 https://access.redhat.com/errata/RHSA-2023:4702 https://access.redhat.com/errata/RHSA-2023:4703 https://access.redhat.com/errata/RHSA-2023:4704 https://access.redhat.com/errata/RHSA-2023:4705 https://access.redhat.com/errata/RHSA-2023:4706 https://access.redhat.com/errata/RHSA-2023:4707 https://access.redhat.com/errata/RHSA-2023:4708 https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
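The root cause here is an authorization gap in a system-bus service: the bus policy lets every local user send to the service, and the service does not check per method who is calling. The first thing to audit on any system-bus daemon is therefore its busconfig policy (the XML files under /etc/dbus-1/system.d/, a path assumed here), looking for `<allow send_destination=...>` rules in the `context="default"` policy that are not narrowed by `send_interface` or `send_member`. Such a rule opens the entire method surface to all local users, so the daemon itself must authorize each state-changing call (for example via polkit). The script below is an added example, not subscription-manager's code or its shipped policy; the sample policy and the bus name com.example.Service are constructed for the example.

```python
"""Audit a D-Bus busconfig policy for methods reachable by every local user.

Added example (not subscription-manager code). The XML format is the standard
busconfig format of /etc/dbus-1/system.d/*.conf; the sample policy and the
bus name com.example.Service are constructed and hypothetical.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET


def audit_busconfig(xml_text: str) -> list[dict]:
    """Return every send-allow rule granted in a context="default" policy."""
    root = ET.fromstring(xml_text)
    findings = []
    for policy in root.iter("policy"):
        if policy.get("context") != "default":
            continue  # user=/group=/at_console= policies are scoped; skip them
        for rule in policy:
            if rule.tag != "allow":
                continue
            dest = rule.get("send_destination")
            iface = rule.get("send_interface")
            member = rule.get("send_member")
            if not (dest or iface or member):
                continue  # e.g. <allow own=...> or receive_* rules
            if member:
                scope = "member"        # one method opened
            elif iface:
                scope = "interface"     # one interface opened
            else:
                scope = "destination"   # every method of the service opened
            findings.append({"send_destination": dest, "send_interface": iface,
                             "send_member": member, "scope": scope})
    return findings


def wide_open_destinations(findings: list[dict]) -> list[str]:
    """Bus names whose whole method surface is callable by any local user."""
    return sorted({f["send_destination"] for f in findings
                   if f["scope"] == "destination" and f["send_destination"]})


# Constructed sample: root may do anything; everyone may introspect (fine) but
# everyone may also call every method (the pattern that needs in-daemon checks).
SAMPLE_POLICY = """<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow own="com.example.Service"/>
    <allow send_destination="com.example.Service"/>
  </policy>
  <policy context="default">
    <allow send_destination="com.example.Service"
           send_interface="org.freedesktop.DBus.Introspectable"/>
    <allow send_destination="com.example.Service"/>
  </policy>
</busconfig>
"""

if __name__ == "__main__":
    found = audit_busconfig(SAMPLE_POLICY)
    for f in found:
        print(f"default policy allows send: {f}")
    for name in wide_open_destinations(found):
        print(f"{name}: all methods callable by any local user; "
              f"the service must authorize each method itself")
```

A destination-wide default allow is not automatically a bug (many daemons rely on polkit inside the service), but it is exactly the situation in which a method like SetAll() that writes a root-owned config file must perform its own caller check; the audit tells you where to go and verify that.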
CVE-2023-4380 – Platform: token exposed at importing project
https://notcve.org/view.php?id=CVE-2023-4380
A logic flaw exists in Ansible Automation Platform. Whenever a private project is created with incorrect credentials, those credentials are logged in plaintext. An attacker who can read the log can retrieve the credentials, resulting in loss of confidentiality, integrity, and availability. • https://access.redhat.com/errata/RHSA-2023:4693 https://access.redhat.com/security/cve/CVE-2023-4380 https://bugzilla.redhat.com/show_bug.cgi?id=2232324 • CWE-532: Insertion of Sensitive Information into Log File •
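The failure-path leak is typical of CWE-532: the success path never needs to log the credential, but an error handler dumps the whole request or URL to explain what went wrong. The durable fix is a scrub step between the logger and its handlers, so that no code path can write a credential to disk. The block below is an added example, not Ansible Automation Platform's code; it shows a `logging.Filter` that redacts credential-like `key=value` / JSON fields and URL userinfo passwords before any handler writes the record. The log messages are constructed to resemble a failed project import; the field names it matches are an assumption to extend for your own code.

```python
"""Redact credentials in log records before any handler writes them.

Added example (not Ansible code). The sample messages below are constructed;
the set of credential-like keys is an assumption, extend it as needed.
"""
import logging
import re
from io import StringIO

# key=value, key: value, or JSON "key": "value" forms for credential-like keys.
_CRED_RE = re.compile(
    r'(?P<key>"?(?:password|passwd|token|secret|api[_-]?key)"?\s*[:=]\s*"?)'
    r'(?P<val>[^\s",}]+)',
    re.IGNORECASE,
)
# URL userinfo: scheme://user:password@host
_URL_RE = re.compile(
    r'(?P<scheme>[a-z][a-z0-9+.-]*://)(?P<user>[^:/@\s]+):(?P<pw>[^@\s]+)@',
    re.IGNORECASE,
)


def redact(text: str) -> str:
    """Replace credential values with a fixed marker, leaving keys intact."""
    text = _URL_RE.sub(lambda m: f"{m.group('scheme')}{m.group('user')}:***@", text)
    return _CRED_RE.sub(lambda m: f"{m.group('key')}***", text)


class RedactingFilter(logging.Filter):
    """Fold %-args into the message, then scrub the final text."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # args already folded into msg above
        return True


def build_logger(stream) -> logging.Logger:
    """Logger whose single handler scrubs every record it emits."""
    logger = logging.getLogger("redaction-demo")
    logger.handlers.clear()
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    # Attach to the handler, not the logger, so records arriving via
    # propagation from child loggers are scrubbed too.
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    logger.propagate = False
    return logger


def demo() -> str:
    """Log three constructed failure messages and return what reached the stream."""
    buf = StringIO()
    log = build_logger(buf)
    log.info("project import failed: scm_url=https://deploy:s3cr3t@git.example.internal/repo.git")
    log.info("credential check failed: %s", '{"username": "deploy", "password": "s3cr3t"}')
    log.info("git auth token=ghp_abc123 rejected by remote")
    return buf.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Scrubbing at the handler is a safety net, not a substitute for never passing the credential object to the error path in the first place; regex-based redaction will miss encodings it does not know (base64 blobs, custom headers), so keep the allow-list of keys under review.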
CVE-2023-4459 – Kernel: vmxnet3: null pointer dereference in vmxnet3_rq_cleanup()
https://notcve.org/view.php?id=CVE-2023-4459
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup() in drivers/net/vmxnet3/vmxnet3_drv.c, the vmxnet3 network driver in the Linux kernel. A missing sanity check during receive-queue cleanup may allow a local attacker with normal user privileges to cause a denial of service. • https://access.redhat.com/errata/RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1367 https://access.redhat.com/errata/RHSA-2024:1382 https://access.redhat.com/errata/RHSA-2024:2006 https://access.redhat.com/errata/RHSA-2024:2008 https://access.redhat.com/security/cve/CVE-2023-4459 https://bugzilla.redhat.com/show_bug.cgi?id=2219268 https://github.com/torvalds/ • CWE-476: NULL Pointer Dereference •