Redhat Enterprise Linux Server Tus vulnerabilities

CVE-2023-3972 [HIGH] CWE-379 CVE-2023-3972: A vulnerability was found in insights-client. This security issue occurs because of insecure file op A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client

CVE-2023-5633 [HIGH] CVE-2023-5633: The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a us The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

CVE-2023-4911 [HIGH] CWE-122 CVE-2023-4911: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GL A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVE-2023-5157 [HIGH] CWE-400 CVE-2023-5157: A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

CVE-2023-4813 [MEDIUM] CWE-416 CVE-2023-4813: A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

CVE-2023-3899 [HIGH] CWE-285 CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inad A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper

CVE-2023-2203 [HIGH] CWE-416 CVE-2023-2203: A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-afte A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK pa

CVE-2023-2295 [HIGH] CWE-400 CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggress A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the plu

CVE-2023-2491 [HIGH] CWE-77 CVE-2023-2491: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "or A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

CVE-2023-0494 [HIGH] CWE-416 CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerCl A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding s

CVE-2019-8720 [HIGH] CWE-119 CVE-2019-8720: A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web c A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

CVE-2022-4254 [HIGH] CWE-90 CVE-2022-4254: sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

CVE-2022-2601 [HIGH] CWE-122 CVE-2022-2601: A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure bo

CVE-2014-0144 [HIGH] CWE-20 CVE-2014-0144: QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulne QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

CVE-2014-0148 [MEDIUM] CWE-835 CVE-2014-0148: Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other poten Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to

CVE-2014-0147 [MEDIUM] CWE-190 CVE-2014-0147: Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW vers Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

CVE-2021-3669 [MEDIUM] CWE-400 CVE-2021-3669: A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

CVE-2021-23177 [HIGH] CWE-59 CVE-2021-23177: An improper link resolution flaw while extracting an archive can lead to changing the access control An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain mor

CVE-2021-31566 [HIGH] CWE-59 CVE-2021-31566: An improper link resolution flaw can occur while extracting an archive leading to changing modes, ti An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privilege

CVE-2021-3975 [MEDIUM] CWE-416 CVE-2021-3975: A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandl A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection co