Red Hat Enterprise Linux vulnerabilities
1,738 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153
Vulnerabilities
Page 21 of 87
CVE-2021-4209 [MEDIUM] CVSS 6.5 | CWE-476 | v8.0 | 2022-08-24
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
nvd
CVE-2021-4158 [MEDIUM] CVSS 6.0 | CWE-476 | v9.0 | 2022-08-24
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
nvd
CVE-2021-4189 [MEDIUM] CVSS 5.3 | CWE-252 | v8.0 | 2022-08-24
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerab
nvd
CVE-2021-4217 [LOW] CVSS 3.3 | CWE-476 | v6.0, v7.0, +2 more | 2022-08-24
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
nvd
CVE-2021-23177 [HIGH] CVSS 7.8 | CWE-59 | v8.0 | 2022-08-23
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain mor
nvd
CVE-2022-2938 [HIGH] CVSS 7.8 | CWE-416 | v8.0 | 2022-08-23
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
nvd
CVE-2021-3839 [HIGH] CVSS 7.5 | CWE-125 | v7.0, v8.0, +1 more | 2022-08-23
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
nvd
CVE-2021-31566 [HIGH] CVSS 7.8 | CWE-59 | v8.0 | 2022-08-23
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privilege
nvd
CVE-2021-3975 [MEDIUM] CVSS 6.5 | CWE-416 | v8.0 | 2022-08-23
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection co
nvd
CVE-2021-20316 [MEDIUM] CVSS 6.8 | CWE-362 | v8.0 | 2022-08-23
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata to perform this operation outside of the share.
nvd
CVE-2021-3714 [MEDIUM] CVSS 5.9 | CWE-200 | v6.0, v7.0, +1 more | 2022-08-23
A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page-sized files and detect the change in access time from a networked service to determine if the page has been merged.
nvd
CVE-2021-3997 [MEDIUM] CVSS 5.5 | CWE-674 | v7.0, v8.0, +1 more | 2022-08-23
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
nvd
CVE-2021-3659 [MEDIUM] CVSS 5.5 | CWE-252 | v7.0, v8.0 | 2022-08-22
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.
nvd
CVE-2022-2873 [MEDIUM] CVSS 5.5 | CWE-131 | v6.0, v7.0, +2 more | 2022-08-22
An out-of-bounds memory access flaw was found in the Linux kernel's Intel iSMT SMBus host controller driver in the way a user triggers I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.
nvd
CVE-2022-2625 [HIGH] CVSS 8.0 | CWE-915 | v6.0, v7.0, +2 more | 2022-08-18
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. G
nvd
CVE-2020-14394 [LOW] CVSS 3.2 | CWE-835 | v5.0, v6.0, +3 more | 2022-08-17
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
nvd
CVE-2022-1158 [HIGH] CVSS 7.8 | CWE-416 | v8.0, v9.0 | 2022-08-05
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of servic
nvd
CVE-2022-2509 [HIGH] CVSS 7.5 | CWE-415 | v8.0, v9.0 | 2022-08-01
A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function.
nvd
CVE-2022-35651 [MEDIUM] CVSS 6.1 | CWE-79 | v8.0 | 2022-07-25
A stored XSS and blind SSRF vulnerability was found in Moodle. It occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive
nvd
CVE-2022-35653 [MEDIUM] CVSS 6.1 | PoC | CWE-79 | v8.0 | 2022-07-25
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentiall
nvd