cbcvebase.

Redhat Enterprise Linux vulnerabilities

1,784 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,784
CISA KEV: 22 (actively exploited)
Public exploits: 91
Exploited in wild: 26
Severity breakdown: CRITICAL 162, HIGH 609, MEDIUM 859, LOW 154

Vulnerabilities

Page 29 of 90
CVE-2022-0561 | MEDIUM | CVSS 5.5 | v8.0 | 2022-02-11
CWE-476: Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
nvd
CVE-2022-0529 | MEDIUM | CVSS 5.5 | v8.0 | 2022-02-09
CWE-787: A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
nvd
CVE-2022-0530 | MEDIUM | CVSS 5.5 | v8.0 | 2022-02-09
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
nvd
CVE-2021-4154 | HIGH | CVSS 8.8 | v8.0 | 2022-02-04
CWE-416: A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
nvd
CVE-2022-0487 | MEDIUM | CVSS 5.5 | v8.0 | 2022-02-04
CWE-416: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.
nvd
CVE-2021-4034 | HIGH | CVSS 7.8 | KEV | PoC | v8.0 | 2022-01-28
CWE-787: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variabl
nvd
CVE-2021-4145 | MEDIUM | CVSS 6.5 | v8.0 | 2022-01-25
CWE-476: A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold o
nvd
CVE-2021-45417 | HIGH | CVSS 7.8 | v6.0, v7.0 +1 more | 2022-01-20
CWE-787: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
nvd
CVE-2022-21682 | MEDIUM | CVSS 6.5 | v8.0 | 2022-01-13
CWE-22: Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will
nvd
CVE-2021-43860 | HIGH | CVSS 8.6 | v8.0 | 2022-01-12
CWE-269: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. Therefore app
nvd
CVE-2021-41819 | HIGH | CVSS 7.5 | v8.0 | 2022-01-01
CWE-565: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
nvd
CVE-2021-41817 | HIGH | CVSS 7.5 | v7.0, v8.0 | 2022-01-01
CWE-1333: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
nvd
CVE-2021-3621 | HIGH | CVSS 8.8 | v6.0, v7.0 +1 more | 2021-12-23
CWE-77: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrit
nvd
CVE-2021-45463 | HIGH | CVSS 7.8 | v7.0, v8.0 | 2021-12-23
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GI
nvd
CVE-2021-4024 | MEDIUM | CVSS 6.5 | v8.0 | 2021-12-23
CWE-200: A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` A
nvd
CVE-2021-3622 | MEDIUM | CVSS 4.3 | v6.0, v7.0 +1 more | 2021-12-23
CWE-400: A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-44733 | HIGH | CVSS 7.0 | v8.0 | 2021-12-22
CWE-362: A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
nvd
CVE-2021-45078 | HIGH | CVSS 7.8 | v8.0 | 2021-12-15
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
nvd
CVE-2021-4104 | HIGH | CVSS 7.5 | PoC | v6.0, v7.0 +1 more | 2021-12-14
CWE-502: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228.
nvd
CVE-2021-4048 | CRITICAL | CVSS 9.1 | v8.0 | 2021-12-08
CWE-125: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
nvd