Redhat Enterprise Linux Workstation vulnerabilities

CVE-2024-1086 [HIGH] CWE-416 CVE-2024-1086: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error whi

CVE-2023-6816 [CRITICAL] CWE-787 CVE-2023-6816: A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit f A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

CVE-2024-0409 [HIGH] CWE-787 CVE-2024-0409: A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong typ A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

CVE-2024-0408 [MEDIUM] CWE-158 CVE-2024-0408: A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object tha

CVE-2023-5455 [MEDIUM] CWE-352 CVE-2023-5455: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported ver A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certai

CVE-2023-5869 [HIGH] CWE-190 CVE-2023-5869: A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code th A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbit

CVE-2023-46847 [HIGH] CWE-120 CVE-2023-46847: Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow att Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

CVE-2023-5367 [HIGH] CWE-787 CVE-2023-5367: A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect c A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

CVE-2023-3899 [HIGH] CWE-285 CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inad A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper

CVE-2019-8720 [HIGH] CWE-119 CVE-2019-8720: A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web c A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

CVE-2022-4254 [HIGH] CWE-90 CVE-2022-4254: sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

CVE-2014-0144 [HIGH] CWE-20 CVE-2014-0144: QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulne QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

CVE-2014-0148 [MEDIUM] CWE-835 CVE-2014-0148: Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other poten Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to

CVE-2015-1931 [MEDIUM] CWE-312 CVE-2015-1931: IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

CVE-2014-0147 [MEDIUM] CWE-190 CVE-2014-0147: Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW vers Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

CVE-2022-2738 [HIGH] CVE-2022-2738: The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under c

CVE-2022-2739 [MEDIUM] CVE-2022-2739: The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.

CVE-2022-1227 [HIGH] CWE-281 CVE-2022-1227: A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or

CVE-2022-0330 [HIGH] CWE-281 CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

CVE-2021-3656 [HIGH] CWE-862 CVE-2021-3656: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs whe A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS