Redhat Enterprise Linux vulnerabilities

CVE-2024-5742 [MEDIUM] CWE-59 CVE-2024-5742: A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecur A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

CVE-2024-3049 [MEDIUM] CWE-345 CVE-2024-3049: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_m A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

CVE-2023-3758 [HIGH] CWE-362 CVE-2023-3758: A race condition flaw was found in sssd where the GPO policy is not consistently applied for authent A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

CVE-2022-24805 [HIGH] CWE-120 CVE-2022-24805: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials

CVE-2022-24809 [MEDIUM] CWE-476 CVE-2022-24809: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credenti

CVE-2022-24808 [MEDIUM] CWE-476 CVE-2022-24808: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing

CVE-2022-24806 [MEDIUM] CWE-20 CVE-2022-24806: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avo

CVE-2022-24807 [MEDIUM] CWE-120 CVE-2022-24807: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 c

CVE-2024-3567 [MEDIUM] CWE-617 CVE-2024-3567: A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.

CVE-2024-2002 [HIGH] CWE-415 CVE-2024-2002: A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf ma A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.

CVE-2024-2496 [MEDIUM] CWE-476 CVE-2024-2496: A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.

CVE-2023-7250 [MEDIUM] CWE-183 CVE-2023-7250: A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A mal A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the

CVE-2023-6917 [MEDIUM] CWE-367 CVE-2023-6917: A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mix A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when

CVE-2023-52160 [MEDIUM] CWE-287 CVE-2023-52160: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a succes The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV

CVE-2024-1488 [HIGH] CWE-276 CVE-2024-1488: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outs A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potenti

CVE-2023-50387 [HIGH] CWE-770 CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow r Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an al

CVE-2023-50868 [HIGH] CWE-400 CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iter

CVE-2023-6681 [MEDIUM] CWE-400 CVE-2023-6681: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (Do A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

CVE-2024-1062 [MEDIUM] CWE-122 CVE-2024-1062: A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

CVE-2024-1454 [LOW] CWE-416 CVE-2024-1454: The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in t The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted res