Filtered by vendor Redhat
Subscriptions
Filtered by product Codeready Linux Builder
Subscriptions
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44142 | 6 Canonical, Debian, Fedoraproject and 3 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-09-16 | 8.8 High |
| The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | ||||
| CVE-2023-5455 | 3 Fedoraproject, Freeipa, Redhat | 25 Fedora, Freeipa, Codeready Linux Builder and 22 more | 2024-09-16 | 6.5 Medium |
| A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. | ||||
| CVE-2023-4042 | 2 Artifex, Redhat | 9 Ghostscript, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 6 more | 2024-09-16 | 5.5 Medium |
| A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. | ||||
| CVE-2023-4732 | 2 Linux, Redhat | 12 Linux Kernel, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 9 more | 2024-09-13 | 4.7 Medium |
| A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x. | ||||
| CVE-2016-2124 | 5 Canonical, Debian, Fedoraproject and 2 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2024-08-05 | 5.9 Medium |
| A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | ||||
| CVE-2019-11135 | 9 Canonical, Debian, Fedoraproject and 6 more | 312 Ubuntu Linux, Debian Linux, Fedora and 309 more | 2024-08-04 | 6.5 Medium |
| TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | ||||
| CVE-2019-8720 | 3 Redhat, Webkitgtk, Wpewebkit | 24 Codeready Linux Builder, Codeready Linux Builder Eus, Codeready Linux Builder For Arm64 Eus and 21 more | 2024-08-04 | 8.8 High |
| A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. | ||||
| CVE-2019-3460 | 4 Canonical, Debian, Linux and 1 more | 17 Ubuntu Linux, Debian Linux, Linux Kernel and 14 more | 2024-08-04 | 6.5 Medium |
| A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | ||||
| CVE-2019-3459 | 4 Canonical, Debian, Linux and 1 more | 17 Ubuntu Linux, Debian Linux, Linux Kernel and 14 more | 2024-08-04 | 6.5 Medium |
| A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | ||||
| CVE-2020-27842 | 5 Debian, Fedoraproject, Oracle and 2 more | 11 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 8 more | 2024-08-04 | 5.5 Medium |
| There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. | ||||
| CVE-2020-25717 | 5 Canonical, Debian, Fedoraproject and 2 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-08-04 | 8.1 High |
| A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | ||||
| CVE-2020-14301 | 2 Netapp, Redhat | 14 Ontap Select Deploy Administration Utility, Advanced Virtualization, Codeready Linux Builder and 11 more | 2024-08-04 | 6.5 Medium |
| An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. | ||||
| CVE-2021-31566 | 5 Debian, Fedoraproject, Libarchive and 2 more | 14 Debian Linux, Fedora, Libarchive and 11 more | 2024-08-03 | 7.8 High |
| An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. | ||||
| CVE-2021-23177 | 4 Debian, Fedoraproject, Libarchive and 1 more | 13 Debian Linux, Fedora, Libarchive and 10 more | 2024-08-03 | 7.8 High |
| An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. | ||||
| CVE-2021-20257 | 4 Debian, Fedoraproject, Qemu and 1 more | 9 Debian Linux, Fedora, Qemu and 6 more | 2024-08-03 | 6.5 Medium |
| An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3975 | 5 Canonical, Debian, Fedoraproject and 2 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-08-03 | 6.5 Medium |
| A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. | ||||
| CVE-2021-3930 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Advanced Virtualization and 8 more | 2024-08-03 | 6.5 Medium |
| An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. | ||||
| CVE-2021-3697 | 2 Gnu, Redhat | 14 Grub2, Codeready Linux Builder, Developer Tools and 11 more | 2024-08-03 | 7.0 High |
| A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | ||||
| CVE-2021-3744 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2024-08-03 | 5.5 Medium |
| A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | ||||
| CVE-2021-3659 | 3 Fedoraproject, Linux, Redhat | 17 Fedora, Linux Kernel, Codeready Linux Builder and 14 more | 2024-08-03 | 5.5 Medium |
| A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. | ||||