Red Hat Enterprise Linux Ibm Z Systems

A vulnerability was found in WebKit

CVE-2019-8720 8.8 - High - March 06, 2023

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

Buffer Overflow

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

CVE-2022-4254 8.8 - High - February 01, 2023

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

LDAP Injection

A flaw was found in the Linux kernel

CVE-2021-3669 5.5 - Medium - August 26, 2022

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

Resource Exhaustion

A use-after-free flaw was found in libvirt

CVE-2021-3975 6.5 - Medium - August 23, 2022

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Dangling pointer

An improper link resolution flaw

CVE-2021-31566 7.8 - High - August 23, 2022

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.

insecure temporary file

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link

CVE-2021-23177 7.8 - High - August 23, 2022

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

insecure temporary file

A NULL pointer dereference flaw was found in the Linux kernels IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection

CVE-2021-3659 5.5 - Medium - August 22, 2022

A NULL pointer dereference flaw was found in the Linux kernels IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

A privilege escalation flaw was found in Podman

CVE-2022-1227 8.8 - High - April 29, 2022

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

Improper Privilege Management

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions

CVE-2022-27649 7.5 - High - April 04, 2022

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Incorrect Default Permissions

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64

CVE-2022-0435 8.8 - High - March 25, 2022

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

Memory Corruption

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU

CVE-2022-0330 7.8 - High - March 25, 2022

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Improper Preservation of Permissions

A use-after-free flaw was found in the Linux kernels FUSE filesystem in the way a user triggers write()

CVE-2022-1011 7.8 - High - March 18, 2022

A use-after-free flaw was found in the Linux kernels FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Dangling pointer

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU

CVE-2021-20257 6.5 - Medium - March 16, 2022

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Infinite Loop

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values

CVE-2022-0847 7.8 - High - March 10, 2022

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Improper Initialization

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel

CVE-2022-0516 7.8 - High - March 10, 2022

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

There's a flaw in urllib's AbstractBasicAuthHandler class

CVE-2021-3733 6.5 - Medium - March 10, 2022

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Resource Exhaustion

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization

CVE-2021-3656 8.8 - High - March 04, 2022

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

AuthZ

A flaw was found in python

CVE-2021-3737 7.5 - High - March 04, 2022

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Resource Exhaustion

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker

CVE-2021-23214 8.1 - High - March 04, 2022

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

SQL Injection

A vulnerability was found in the Linux kernels cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function

CVE-2022-0492 7.8 - High - March 03, 2022

A vulnerability was found in the Linux kernels cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

authentification

An information disclosure flaw was found in Buildah, when building containers using chroot isolation

CVE-2021-3602 5.5 - Medium - March 03, 2022

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).

Improper Removal of Sensitive Information Before Storage or Transfer

A flaw was found in postgresql

CVE-2021-3677 6.5 - Medium - March 02, 2022

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

Information Disclosure

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "

CVE-2021-44142 8.8 - High - February 21, 2022

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Out-of-bounds Read

A flaw was found in the way Samba maps domain users to local users

CVE-2020-25717 8.1 - High - February 18, 2022

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

Improper Input Validation

A flaw was found in the way samba implemented SMB1 authentication

CVE-2016-2124 5.9 - Medium - February 18, 2022

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

authentification

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication

CVE-2020-25719 7.2 - High - February 18, 2022

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Race Condition

An off-by-one error was found in the SCSI device emulation in QEMU

CVE-2021-3930 6.5 - Medium - February 18, 2022

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.

off-by-five

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches

CVE-2021-4091 7.5 - High - February 18, 2022

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.

Double-free

A flaw was found in the PKI-server

CVE-2021-3551 7.8 - High - February 16, 2022

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.

Cleartext Storage of Sensitive Information

A local privilege escalation vulnerability was found on polkit's pkexec utility

CVE-2021-4034 7.8 - High - January 28, 2022

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Memory Corruption

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames

CVE-2021-3672 5.6 - Medium - November 23, 2021

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

XSS

An information disclosure vulnerability was found in libvirt in versions before 6.3.0

CVE-2020-14301 6.5 - Medium - May 27, 2021

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

Improper Removal of Sensitive Information Before Storage or Transfer

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0

CVE-2020-27842 5.5 - Medium - January 05, 2021

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.

Out-of-bounds Read

Apache HTTP Server versions 2.4.20 to 2.4.43

CVE-2020-9490 7.5 - High - August 07, 2020

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

HTTP Request Smuggling

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free

CVE-2020-8945 7.5 - High - February 12, 2020

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

Dangling pointer

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP

CVE-2019-19906 7.5 - High - December 19, 2019

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Memory Corruption

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free

CVE-2019-7317 5.3 - Medium - February 04, 2019

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Dangling pointer

A denial of service vulnerability was found in rsyslog in the imptcp module

CVE-2018-16881 7.5 - High - January 25, 2019

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

Integer Overflow or Wraparound

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might

CVE-2015-3405 7.5 - High - August 09, 2017

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Insufficient Entropy

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045

CVE-2016-9675 7.8 - High - December 22, 2016

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

Memory Corruption

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5

CVE-2012-2665 - August 06, 2012

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

Memory Corruption

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier

CVE-2012-1717 - June 16, 2012

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which

CVE-2007-6283 - December 18, 2007

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

Information Disclosure

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response

CVE-2006-5170 - October 10, 2006

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

Improper Handling of Exceptional Conditions