Redhat Enterprise Linux vulnerabilities

CVE-2024-3056 [MEDIUM] CWE-400 CVE-2024-3056: A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the maliciou

CVE-2024-6237 [MEDIUM] CWE-230 CVE-2024-6237: A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a sy A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

CVE-2024-6505 [MEDIUM] CWE-125 CVE-2024-6505: A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net n A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash th

CVE-2024-6387 [HIGH] CWE-364 CVE-2024-6387: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race con A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVE-2024-6239 [HIGH] CWE-20 CVE-2024-6239: A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter wit A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

CVE-2024-3183 [HIGH] CWE-916 CVE-2024-3183: A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’ A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal

CVE-2024-5742 [MEDIUM] CWE-59 CVE-2024-5742: A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecur A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

CVE-2024-3049 [MEDIUM] CWE-345 CVE-2024-3049: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_m A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

CVE-2023-3758 [HIGH] CWE-362 CVE-2023-3758: A race condition flaw was found in sssd where the GPO policy is not consistently applied for authent A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

CVE-2022-24805 [HIGH] CWE-120 CVE-2022-24805: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials

CVE-2022-24809 [MEDIUM] CWE-476 CVE-2022-24809: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credenti

CVE-2022-24808 [MEDIUM] CWE-476 CVE-2022-24808: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing

CVE-2022-24806 [MEDIUM] CWE-20 CVE-2022-24806: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avo

CVE-2022-24807 [MEDIUM] CWE-120 CVE-2022-24807: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 c

CVE-2024-3567 [MEDIUM] CWE-617 CVE-2024-3567: A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.

CVE-2024-2002 [HIGH] CWE-415 CVE-2024-2002: A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf ma A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.

CVE-2024-2496 [MEDIUM] CWE-476 CVE-2024-2496: A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.

CVE-2023-7250 [MEDIUM] CWE-183 CVE-2023-7250: A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A mal A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the

CVE-2023-6917 [MEDIUM] CWE-367 CVE-2023-6917: A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mix A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when

CVE-2023-52160 [MEDIUM] CWE-287 CVE-2023-52160: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a succes The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV