Redhat Enterprise Linux Server Eus vulnerabilities

CVE-2021-3659 [MEDIUM] CWE-252 CVE-2021-3659: A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking su A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.

CVE-2021-3744 [MEDIUM] CVE-2021-3744: A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/cr A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

CVE-2021-4034 [HIGH] CWE-787 CVE-2021-4034: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec applicat A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variabl

CVE-2020-25647 [HIGH] CWE-787 CVE-2020-25647: A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors a A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The high

CVE-2020-14372 [HIGH] CWE-184 CVE-2020-14372: A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the A A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is

CVE-2021-20233 [HIGH] CWE-787 CVE-2021-20233: A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code pe A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat

CVE-2020-27779 [HIGH] CWE-285 CVE-2020-27779: A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot l A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentialit

CVE-2020-25632 [HIGH] CWE-416 CVE-2020-25632: A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading o A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vuln

CVE-2021-20225 [MEDIUM] CWE-787 CVE-2021-20225: A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write p A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-27749 [MEDIUM] CWE-121 CVE-2020-27749: A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supp A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payloa

CVE-2012-4512 [HIGH] CWE-843 CVE-2012-4512: The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

CVE-2014-8139 [HIGH] CWE-787 CVE-2014-8139: Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

CVE-2014-8141 [HIGH] CWE-787 CVE-2014-8141: Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows rem Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

CVE-2014-8140 [HIGH] CWE-787 CVE-2014-8140: Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows re Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

CVE-2014-7844 [HIGH] CWE-74 CVE-2014-7844: BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted emai BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

CVE-2015-3147 [MEDIUM] CWE-59 CVE-2015-3147: daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports fro daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

CVE-2019-5544 [CRITICAL] CWE-787 CVE-2019-5544: OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evalu OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

CVE-2019-10216 [HIGH] CWE-648 CVE-2019-10216: In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

CVE-2019-0155 [HIGH] CVE-2019-0155: Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6,

CVE-2018-12207 [MEDIUM] CWE-20 CVE-2018-12207: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel( Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.