Redhat Enterprise Linux vulnerabilities

CVE-2021-26252 [HIGH] CWE-787 CVE-2021-26252: A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx m A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

CVE-2021-3610 [HIGH] CWE-125 CVE-2021-3610: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 i A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.

CVE-2021-3700 [MEDIUM] CWE-416 CVE-2021-3700: A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirpars A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.

CVE-2021-3596 [MEDIUM] CWE-476 CVE-2021-3596: A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGIm A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.

CVE-2021-44142 [HIGH] CWE-125 CVE-2021-44142: The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compati The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A

CVE-2021-4115 [MEDIUM] CWE-400 CVE-2021-4115: There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to proc There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned

CVE-2021-20325 [CRITICAL] CWE-119 CVE-2021-20325: Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were prope

CVE-2021-3657 [CRITICAL] CWE-119 CVE-2021-3657: A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (> A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.

CVE-2020-25717 [HIGH] CWE-20 CVE-2020-25717: A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

CVE-2021-4093 [HIGH] CWE-125 CVE-2021-4093: A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the

CVE-2020-25719 [HIGH] CWE-287 CVE-2020-25719: A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos na A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

CVE-2022-23645 [MEDIUM] CWE-125 CVE-2022-23645: swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versi swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing t

CVE-2021-20320 [MEDIUM] CWE-200 CVE-2021-20320: A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kerne A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.

CVE-2021-3930 [MEDIUM] CWE-193 CVE-2021-3930: An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.

CVE-2021-20321 [MEDIUM] CWE-362 CVE-2021-20321: A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.

CVE-2016-2124 [MEDIUM] CWE-287 CVE-2016-2124: A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw t A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

CVE-2021-3773 [CRITICAL] CWE-200 CVE-2021-3773: A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint in A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

CVE-2021-3752 [HIGH] CWE-416 CVE-2021-3752: A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls conn A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2021-3551 [HIGH] CWE-312 CVE-2021-3551: A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admi A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.

CVE-2021-3753 [MEDIUM] CWE-125 CVE-2021-3753: A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which ma A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.