Redhat Enterprise Linux vulnerabilities

CVE-2024-50074 [HIGH] CWE-125 CVE-2024-50074: In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array o In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() returns the would-be-printed size, not the actually output size, the length calculation can still go over th

CVE-2024-9676 [MEDIUM] CWE-22 CVE-2024-9676: A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the co A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/sto

CVE-2024-9675 [MEDIUM] CWE-22 CVE-2024-9675: A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified path A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

CVE-2024-9341 [HIGH] CWE-59 CVE-2024-9341: A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly ha A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attacker

CVE-2024-8354 [MEDIUM] CWE-617 CVE-2024-8354: A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/co A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

CVE-2024-8443 [LOW] CWE-122 CVE-2024-8443: A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

CVE-2024-45619 [MEDIUM] CWE-120 CVE-2024-45619: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

CVE-2024-45615 [LOW] CWE-457 CVE-2024-45615: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

CVE-2024-45616 [LOW] CWE-457 CVE-2024-45616: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the car

CVE-2024-45617 [LOW] CWE-457 CVE-2024-45617: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized

CVE-2024-45620 [LOW] CWE-120 CVE-2024-45620: A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Dev A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

CVE-2024-45618 [LOW] CWE-457 CVE-2024-45618: A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Sm A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

CVE-2024-44070 [HIGH] CVE-2024-44070: An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.

CVE-2024-7006 [HIGH] CWE-476 CVE-2024-7006: A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an at A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.

CVE-2024-3056 [MEDIUM] CWE-400 CVE-2024-3056: A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the maliciou

CVE-2024-6237 [MEDIUM] CWE-230 CVE-2024-6237: A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a sy A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

CVE-2024-6505 [MEDIUM] CWE-125 CVE-2024-6505: A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net n A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash th

CVE-2024-6387 [HIGH] CWE-364 CVE-2024-6387: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race con A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVE-2024-6239 [HIGH] CWE-20 CVE-2024-6239: A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter wit A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

CVE-2024-3183 [HIGH] CWE-916 CVE-2024-3183: A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’ A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal