Red Hat Enterprise Linux Scientific Computing

A flaw was found in the X.Org server

CVE-2024-0408 5.5 - Medium - January 18, 2024

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

A flaw was found in the X.Org server

CVE-2024-0409 7.8 - High - January 18, 2024

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

Memory Corruption

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA

CVE-2023-5455 6.5 - Medium - January 10, 2024

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.

Session Riding

A flaw was found in PostgreSQL

CVE-2023-5869 8.8 - High - December 10, 2023

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Integer Overflow or Wraparound

A vulnerability was found in insights-client

CVE-2023-3972 7.8 - High - November 01, 2023

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

Exposure of Resource to Wrong Sphere

A out-of-bounds write flaw was found in the xorg-x11-server

CVE-2023-5367 7.8 - High - October 25, 2023

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Memory Corruption

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization

CVE-2023-3899 7.8 - High - August 23, 2023

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

AuthZ

A vulnerability was found in X.Org

CVE-2023-0494 7.8 - High - March 27, 2023

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

Dangling pointer

A vulnerability was found in WebKit

CVE-2019-8720 8.8 - High - March 06, 2023

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

Buffer Overflow

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

CVE-2022-4254 8.8 - High - February 01, 2023

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU

CVE-2022-0330 7.8 - High - March 25, 2022

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Improper Preservation of Permissions

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization

CVE-2021-3656 8.8 - High - March 04, 2022

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

AuthZ

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "

CVE-2021-44142 8.8 - High - February 21, 2022

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Out-of-bounds Read

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication

CVE-2020-25719 7.2 - High - February 18, 2022

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Race Condition

A flaw was found in the way Samba maps domain users to local users

CVE-2020-25717 8.1 - High - February 18, 2022

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

Improper Input Validation

A flaw was found in the way samba implemented SMB1 authentication

CVE-2016-2124 5.9 - Medium - February 18, 2022

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

authentification

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches

CVE-2021-4091 7.5 - High - February 18, 2022

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.

Double-free

A local privilege escalation vulnerability was found on polkit's pkexec utility

CVE-2021-4034 7.8 - High - January 28, 2022

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Out-of-bounds Read

Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79

CVE-2019-13744 6.5 - Medium - December 10, 2019

Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Information Disclosure

Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79

CVE-2019-13725 8.8 - High - December 10, 2019

Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Dangling pointer

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79

CVE-2019-13759 4.3 - Medium - December 10, 2019

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79

CVE-2019-13757 4.3 - Medium - December 10, 2019

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79

CVE-2019-13756 4.3 - Medium - December 10, 2019

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79

CVE-2019-13755 4.3 - Medium - December 10, 2019

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79

CVE-2019-13753 6.5 - Medium - December 10, 2019

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Out-of-bounds Read

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79

CVE-2019-13752 6.5 - Medium - December 10, 2019

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Out-of-bounds Read

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79

CVE-2019-13751 6.5 - Medium - December 10, 2019

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Use of Uninitialized Resource

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79

CVE-2019-13763 4.3 - Medium - December 10, 2019

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79

CVE-2019-13762 3.3 - Low - December 10, 2019

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.

Improper Locking

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79

CVE-2019-13761 4.3 - Medium - December 10, 2019

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79

CVE-2019-13758 4.3 - Medium - December 10, 2019

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79

CVE-2019-13747 8.8 - High - December 10, 2019

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79

CVE-2019-13742 6.5 - Medium - December 10, 2019

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79

CVE-2019-13750 6.5 - Medium - December 10, 2019

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.

Improper Input Validation

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79

CVE-2019-13737 6.5 - Medium - December 10, 2019

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Information Disclosure

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79

CVE-2019-13730 8.8 - High - December 10, 2019

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79

CVE-2019-13743 6.5 - Medium - December 10, 2019

Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.

Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79

CVE-2019-13741 8.8 - High - December 10, 2019

Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.

XSS

Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79

CVE-2019-13740 6.5 - Medium - December 10, 2019

Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Origin Validation Error

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79

CVE-2019-13739 6.5 - Medium - December 10, 2019

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79

CVE-2019-13738 6.5 - Medium - December 10, 2019

Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.

Improper Privilege Management

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79

CVE-2019-13746 6.5 - Medium - December 10, 2019

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79

CVE-2019-13736 8.8 - High - December 10, 2019

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Memory Corruption

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79

CVE-2019-13735 8.8 - High - December 10, 2019

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Memory Corruption

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79

CVE-2019-13749 6.5 - Medium - December 10, 2019

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79

CVE-2019-13748 6.5 - Medium - December 10, 2019

Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

AuthZ

Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79

CVE-2019-13732 8.8 - High - December 10, 2019

Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79

CVE-2019-13754 4.3 - Medium - December 10, 2019

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79

CVE-2019-13726 8.8 - High - December 10, 2019

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Buffer Overflow

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79

CVE-2019-13727 8.8 - High - December 10, 2019

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Improper Preservation of Permissions

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79

CVE-2019-13728 8.8 - High - December 10, 2019

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79

CVE-2019-13729 8.8 - High - December 10, 2019

Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free

CVE-2019-7317 5.3 - Medium - February 04, 2019

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Dangling pointer

A denial of service vulnerability was found in rsyslog in the imptcp module

CVE-2018-16881 7.5 - High - January 25, 2019

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

Integer Overflow or Wraparound

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'

CVE-2018-16866 3.3 - Low - January 11, 2019

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Information Disclosure

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11

CVE-2017-15129 4.7 - Medium - January 09, 2018

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.

Race Condition

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might

CVE-2015-3405 7.5 - High - August 09, 2017

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Insufficient Entropy

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045

CVE-2016-9675 7.8 - High - December 22, 2016

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

Memory Corruption

The handle_command function in mon/Monitor.cc in Ceph

CVE-2016-5009 6.5 - Medium - July 12, 2016

The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

Improper Input Validation

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2

CVE-2016-2818 8.8 - High - June 13, 2016

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Buffer Overflow

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might

CVE-2015-3214 - August 31, 2015

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Buffer Overflow

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier

CVE-2015-5165 - August 12, 2015

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Use of Uninitialized Resource

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier

CVE-2012-1717 - June 16, 2012

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.