Red Hat Enterprise Linux vulnerabilities
1,738 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153
Vulnerabilities
Page 25 of 87
CVE-2021-23214 [HIGH] | CVSS 8.1 | CWE-89 | v8.0 | 2022-03-04
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
nvd
CVE-2021-3575 [HIGH] | CVSS 7.8 | CWE-787 | v6.0, v7.0, +1 more | 2022-03-04
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.
nvd
CVE-2021-3737 [HIGH] | CVSS 7.5 | CWE-835 | v6.0, v7.0, +1 more | 2022-03-04
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-3656 [HIGH] | CVSS 8.8 | CWE-862 | v8.0 | 2022-03-04
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS
nvd
CVE-2022-0492 [HIGH] | CVSS 7.8 | PoC | CWE-287 | v8.0 | 2022-03-03
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
nvd
CVE-2021-3620 [MEDIUM] | CVSS 5.5 | CWE-209 | v8.0 | 2022-03-03
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
nvd
CVE-2021-3602 [MEDIUM] | CVSS 5.5 | CWE-200 | v8.0 | 2022-03-03
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that w
nvd
CVE-2022-0711 [HIGH] | CVSS 7.5 | CWE-835 | v7.0, v8.0 | 2022-03-02
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
nvd
CVE-2021-3667 [MEDIUM] | CVSS 6.5 | CWE-667 | v8.0 | 2022-03-02
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock
nvd
CVE-2021-3772 [MEDIUM] | CVSS 6.5 | CWE-354 | v8.0 | 2022-03-02
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
nvd
CVE-2021-3631 [MEDIUM] | CVSS 6.3 | CWE-732 | v8.0 | 2022-03-02
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
nvd
CVE-2021-3623 [MEDIUM] | CVSS 6.1 | CWE-787 | v8.0 | 2022-03-02
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-3677 [MEDIUM] | CVSS 6.5 | CWE-200 | v8.0 | 2022-03-02
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible
nvd
CVE-2021-3716 [LOW] | CVSS 3.1 | CWE-924 | v8.0 | 2022-03-02
A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerab
nvd
CVE-2021-26252 [HIGH] | CVSS 7.8 | CWE-787 | v7.0 | 2022-02-24
A flaw was found in htmldoc in v1.9.12. A heap buffer overflow in pspdf_prepare_page() in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
nvd
CVE-2021-3610 [HIGH] | CVSS 7.5 | CWE-125 | v8.0 | 2022-02-24
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.
nvd
CVE-2021-3700 [MEDIUM] | CVSS 6.4 | CWE-416 | v6.0, v7.0, +1 more | 2022-02-24
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.
nvd
CVE-2021-3596 [MEDIUM] | CVSS 6.5 | CWE-476 | v5.0, v6.0, +1 more | 2022-02-24
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and using the value directly, which leads to a crash and segmentation fault.
nvd
CVE-2021-44142 [HIGH] | CVSS 8.8 | CWE-125 | v7.0, v8.0 | 2022-02-21
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A
nvd
CVE-2021-4115 [MEDIUM] | CVSS 5.5 | CWE-400 | v8.0 | 2022-02-21
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
nvd