Redhat Enterprise Linux Aus vulnerabilities

CVE-2024-3183 [HIGH] CWE-916 CVE-2024-3183: A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’ A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal

CVE-2024-0229 [HIGH] CWE-787 CVE-2024-0229: An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

CVE-2023-47038 [HIGH] CWE-122 CVE-2023-47038: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular ex A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

CVE-2023-3972 [HIGH] CWE-379 CVE-2023-3972: A vulnerability was found in insights-client. This security issue occurs because of insecure file op A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client

CVE-2023-0494 [HIGH] CWE-416 CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerCl A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding s

CVE-2021-3669 [MEDIUM] CWE-400 CVE-2021-3669: A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

CVE-2021-20316 [MEDIUM] CWE-362 CVE-2021-20316: A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

CVE-2021-3609 [HIGH] CWE-362 CVE-2021-3609: .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

CVE-2021-3570 [HIGH] CWE-119 CVE-2021-3570: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwardin A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw

CVE-2020-14355 [MEDIUM] CWE-120 CVE-2020-14355: Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression

CVE-2020-1045 [HIGH] CVE-2020-1045: <p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded c A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie par

CVE-2020-10711 [MEDIUM] CWE-476 CVE-2020-10711: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_p

CVE-2019-9506 [HIGH] CWE-310 CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encrypti The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

CVE-2019-11478 [MEDIUM] CWE-770 CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the L Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.

CVE-2019-11477 [HIGH] CWE-190 CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer ov Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in com

CVE-2019-10126 [CRITICAL] CWE-122 CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies fun A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

CVE-2019-11811 [HIGH] CWE-416 CVE-2019-11811: An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted r An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

CVE-2018-16878 [MEDIUM] CWE-400 CVE-2018-16878: A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflic A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

CVE-2018-14638 [HIGH] CWE-400 CVE-2018-14638: A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_pa A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.

CVE-2018-13405 [HIGH] CWE-269 CVE-2018-13405: The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to c The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is th