Redhat Enterprise Linux vulnerabilities

CVE-2022-1949 [HIGH] CWE-639 CVE-2022-1949: An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that wou An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, i

CVE-2022-1652 [HIGH] CWE-416 CVE-2022-1652: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concu Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-1462 [MEDIUM] CWE-362 CVE-2022-1462: An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in h An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

CVE-2022-1789 [MEDIUM] CWE-476 CVE-2022-1789: With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INV With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

CVE-2022-30599 [CRITICAL] CWE-89 CVE-2022-30599: A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to con A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.

CVE-2022-30600 [CRITICAL] CWE-682 CVE-2022-30600: A flaw was found in moodle where logic used to count failed login attempts could result in the accou A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.

CVE-2022-30596 [MEDIUM] CWE-79 CVE-2022-30596: A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments re A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.

CVE-2022-30597 [MEDIUM] CWE-472 CVE-2022-30597: A flaw was found in moodle where the description user field was not hidden when being set as a hidde A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.

CVE-2022-30598 [MEDIUM] CWE-200 CVE-2022-30598: A flaw was found in moodle where global search results could include author information on some acti A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.

CVE-2022-1706 [MEDIUM] CWE-863 CVE-2022-1706: A vulnerability was found in Ignition where ignition configs are accessible from unprivileged contai A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the

CVE-2022-1587 [CRITICAL] CWE-125 CVE-2022-1587: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_leng An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

CVE-2022-1586 [CRITICAL] CWE-125 CVE-2022-1586: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchi An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

CVE-2021-3611 [MEDIUM] CWE-119 CVE-2021-3611: A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicio A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.

CVE-2021-3750 [HIGH] CWE-416 CVE-2021-3750: A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ult

CVE-2021-4207 [HIGH] CWE-362 CVE-2021-4207: A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled val A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or

CVE-2022-1353 [HIGH] CWE-200 CVE-2022-1353: A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. Th A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

CVE-2021-4206 [HIGH] CWE-190 CVE-2021-4206: A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_allo A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the

CVE-2022-1227 [HIGH] CWE-281 CVE-2022-1227: A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or

CVE-2022-1048 [HIGH] CWE-416 CVE-2022-1048: A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers con A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVE-2022-0984 [MEDIUM] CWE-863 CVE-2022-0984: Users with the capability to configure badge criteria (teachers and managers by default) were able t Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.