Redhat Enterprise Linux vulnerabilities

CVE-2022-2393 [MEDIUM] CWE-285 CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identit A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

CVE-2022-2211 [MEDIUM] CWE-120 CVE-2022-2211: A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible n A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor.

CVE-2021-3697 [HIGH] CWE-787 CVE-2021-3697: A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlle A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution

CVE-2021-3695 [MEDIUM] CWE-787 CVE-2021-3695: A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to

CVE-2021-3696 [MEDIUM] CWE-787 CVE-2021-3696: A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitr

CVE-2022-1852 [MEDIUM] CWE-476 CVE-2022-1852: A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a deni A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.

CVE-2022-2078 [MEDIUM] CWE-121 CVE-2022-2078: A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allo A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.

CVE-2022-0987 [LOW] CWE-200 CVE-2022-0987: A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface e A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.

CVE-2022-1665 [HIGH] CWE-1291 CVE-2022-1665: A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can b A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code.

CVE-2022-32545 [HIGH] CWE-190 CVE-2022-32545: A vulnerability was found in ImageMagick, causing an outside the range of representable values of ty A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

CVE-2022-32547 [HIGH] CWE-704 CVE-2022-32547: In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignme In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior

CVE-2022-32546 [HIGH] CWE-190 CVE-2022-32546: A vulnerability was found in ImageMagick, causing an outside the range of representable values of ty A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

CVE-2022-1998 [HIGH] CWE-416 CVE-2022-1998: A use after free in the Linux kernel File System notify functionality was found in the way user trig A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

CVE-2022-1708 [HIGH] CWE-400 CVE-2022-1708: A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyon A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of

CVE-2022-1949 [HIGH] CWE-639 CVE-2022-1949: An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that wou An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, i

CVE-2022-1652 [HIGH] CWE-416 CVE-2022-1652: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concu Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-1462 [MEDIUM] CWE-362 CVE-2022-1462: An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in h An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

CVE-2022-1789 [MEDIUM] CWE-476 CVE-2022-1789: With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INV With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

CVE-2022-30599 [CRITICAL] CWE-89 CVE-2022-30599: A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to con A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.

CVE-2022-30600 [CRITICAL] CWE-682 CVE-2022-30600: A flaw was found in moodle where logic used to count failed login attempts could result in the accou A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.