Redhat Enterprise Mrg vulnerabilities

CVE-2020-27786 [HIGH] CWE-416 CVE-2020-27786: A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local accoun A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege e

CVE-2020-27825 [MEDIUM] CWE-362 CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). The A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.

CVE-2020-1749 [HIGH] CWE-319 CVE-2020-1749: A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints

CVE-2020-10757 [HIGH] CWE-119 CVE-2020-10757: A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pa A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

CVE-2020-12826 [MEDIUM] CWE-190 CVE-2020-12826: A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation li

CVE-2019-14898 [HIGH] CVE-2019-14898: The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.

CVE-2012-6685 [HIGH] CWE-776 CVE-2012-6685: Nokogiri before 1.5.4 is vulnerable to XXE attacks Nokogiri before 1.5.4 is vulnerable to XXE attacks

CVE-2012-3460 [CRITICAL] CWE-20 CVE-2012-3460: cumin: At installation postgresql database user created without password cumin: At installation postgresql database user created without password

CVE-2014-8181 [MEDIUM] CWE-665 CVE-2014-8181: The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, whi The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

CVE-2013-6460 [MEDIUM] CWE-776 CVE-2013-6460: Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

CVE-2013-6461 [MEDIUM] CWE-776 CVE-2013-6461: Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

CVE-2019-11478 [MEDIUM] CWE-770 CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the L Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.

CVE-2019-11477 [HIGH] CWE-190 CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer ov Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in com

CVE-2019-3459 [MEDIUM] CWE-125 CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel be A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

CVE-2018-16884 [HIGH] CWE-416 CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privil

CVE-2017-7482 [HIGH] CWE-190 CVE-2017-7482: In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorr In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

CVE-2014-8171 [MEDIUM] CWE-399 CVE-2014-8171: The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.

CVE-2017-15127 [MEDIUM] CWE-460 CVE-2017-15127: A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).

CVE-2017-15128 [MEDIUM] CWE-119 CVE-2017-15128: A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).

CVE-2014-3706 [MEDIUM] CWE-295 CVE-2014-3706: ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by lever ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.