Red Hat Enterprise Linux vulnerabilities
1,738 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153
Vulnerabilities
Page 36 of 87
CVE-2020-10759 | MEDIUM | CVSS 6.0 | CWE-347 | v7.0, v8.0 | 2020-09-15
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 an
nvd
CVE-2020-0570 | HIGH | CVSS 7.3 | CWE-426 | v7.0, v8.0 | 2020-09-14
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
nvd
CVE-2020-1045 | HIGH | CVSS 7.5 | v8.0 | 2020-09-11
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.
The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.
The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie par
nvd
CVE-2020-1749 | HIGH | CVSS 7.5 | CWE-319 | v7.0 | 2020-09-09
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints
nvd
CVE-2020-14373 | MEDIUM | CVSS 5.5 | CWE-416 | v7.0, v8.0 | 2020-09-03
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
nvd
CVE-2020-14364 | MEDIUM | CVSS 5.0 | CWE-125 | v6.0, v7.0, +1 more | 2020-08-31
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of se
nvd
CVE-2020-14356 | HIGH | CVSS 7.8 | CWE-476 | v8.0 | 2020-08-19
A null pointer dereference flaw was found in the Linux kernel cgroupv2 subsystem in versions before 5.7.10, in the way the system is rebooted. A local user could use this flaw to crash the system or escalate their privileges on the system.
nvd
CVE-2020-9490 | HIGH | CVSS 7.5 | CWE-444 | v8.0 | 2020-08-07
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
nvd
CVE-2020-14311 | MEDIUM | CVSS 6.0 | CWE-122 | v7.0, v8.0 | 2020-07-31
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
nvd
CVE-2020-14310 | MEDIUM | CVSS 6.0 | CWE-122 | v7.0, v8.0 | 2020-07-31
There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes long, but it doesn't verify this before proceeding with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX,
nvd
CVE-2020-15706 | MEDIUM | CVSS 6.4 | CWE-362 | v7.0, v8.0 | 2020-07-29
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
nvd
CVE-2020-15707 | MEDIUM | CVSS 6.4 | CWE-362 | v7.0, v8.0 | 2020-07-29
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command
nvd
CVE-2020-15705 | MEDIUM | CVSS 6.4 | CWE-347 | v7.0, v8.0 | 2020-07-29
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions
nvd
CVE-2020-15719 | MEDIUM | CVSS 4.2 | CWE-295 | v8.0 | 2020-07-14
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
nvd
CVE-2019-19338 | MEDIUM | CVSS 5.5 | v6.0 | 2020-07-13
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to
nvd
CVE-2020-10756 | MEDIUM | CVSS 6.5 | CWE-125 | v7.0, v8.0 | 2020-07-09
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This fl
nvd
CVE-2020-10769 | MEDIUM | CVSS 5.5 | CWE-125 | v7.0 | 2020-06-26
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload is longer than 4 bytes and does not follow 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a l
nvd
CVE-2020-10757 | HIGH | CVSS 7.8 | CWE-119 | v7.0, v8.0 | 2020-06-09
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
nvd
CVE-2020-10761 | MEDIUM | CVSS 5.0 | CWE-617 | v8.0 | 2020-06-09
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
nvd
CVE-2020-10749 | MEDIUM | CVSS 6.0 | CWE-300 | v7.0, v8.0 | 2020-06-03
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the maliciou
nvd