[
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
            "An improper input validation flaw was found in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software that may allow an unauthenticated user to enable a denial of service via adjacent access."
        ],
        "upstream_fix": "linux-firmware 20230804",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-36351\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36351\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
        ],
        "name": "CVE-2022-36351",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment."
        ],
        "statement": "This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2010-5298\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-5298\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2010-5298",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.",
            "It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords."
        ],
        "statement": "This issue in OpenSSH is mitigated by the usage of SELinux in Red Hat Enterprise Linux 6, 7 and 8. More details available at: https://bugzilla.redhat.com/show_bug.cgi?id=1364935#c13",
        "upstream_fix": "openssh 7.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6515\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6515"
        ],
        "name": "CVE-2016-6515",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.",
            "An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution."
        ],
        "statement": "This issue does NOT affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8176\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8176"
        ],
        "name": "CVE-2014-8176",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.",
            "It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15909\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15909"
        ],
        "name": "CVE-2018-15909",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.",
            "An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon."
        ],
        "upstream_fix": "cups-filters 1.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4337\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4337"
        ],
        "name": "CVE-2014-4337",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.",
            "A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request."
        ],
        "upstream_fix": "httpd 2.2.34, httpd 2.4.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3169\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3169\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-3169",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).",
            "It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3509\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3509\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3509",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.",
            "A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser."
        ],
        "statement": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "upstream_fix": "pki 10.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10221\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10221"
        ],
        "name": "CVE-2019-10221",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.",
            "An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid operating as interception or reverse-proxy to contact the wrong origin server. It could also be used for cache poisoning for client not following RFC 7230."
        ],
        "upstream_fix": "squid 3.5.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4554\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4554\nhttp://www.squid-cache.org/Advisories/SQUID-2016_8.txt"
        ],
        "name": "CVE-2016-4554",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-681",
        "details": [
            "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0494\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0494\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0494",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.",
            "Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2842\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2842"
        ],
        "name": "CVE-2016-2842",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.",
            "A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Marko Tiikkaja as the original reporter.",
        "upstream_fix": "postgresql 9.0.19, postgresql 9.1.15, postgresql 9.2.10, postgresql 9.3.6, postgresql 9.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0243\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0243\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2015-0243",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-01-17T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-646",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21843\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21843"
        ],
        "name": "CVE-2023-21843",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.",
            "A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1790\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1790"
        ],
        "name": "CVE-2015-1790",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries."
        ],
        "acknowledgement": "Red Hat would like to thank Andrea Palazzo (Truel IT) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4806\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4806\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4806",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-400",
        "details": [
            "By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.",
            "A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service."
        ],
        "acknowledgement": "Red Hat would like to thank Anat Bremler-Barr (Reichman University), Shani Stajnrod (Reichman University), and Yehuda Afek (Tel-Aviv University) for reporting this issue.",
        "upstream_fix": "bind 9.16.33, bind 9.18.7, bind 9.19.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2795\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2795\nhttps://kb.isc.org/docs/cve-2022-2795"
        ],
        "name": "CVE-2022-2795",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.",
            "A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks."
        ],
        "statement": "This security flaw can only be exploited when a malicious client negotiates SSLv2 ciphers and completes a SSLv2 handshake. This flaw cannot be actively exploited by a Man-In-The-Middle attacker. \nAll versions of OpenSSL shipped with Red Hat Enterprise Linux enable SSLv2 protocol, but disable SSLv2 ciphers by default (in Red Hat Enterprise Linux 6 and later), therefore are vulnerable to this flaw. Red Hat Product Security has rated this issue as having Low security impact, a future update may address this flaw.\nSSLv2 suffers from a number of security flaws allowing attackers to capture and alter information passed between a client and the server. Therefore we strongly recommend that SSLv2 should be disabled on all the SSL/TLS servers.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters.",
        "upstream_fix": "openssl 1.0.1r, openssl 1.0.2f",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3197\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3197\nhttps://www.openssl.org/news/secadv/20160128.txt"
        ],
        "name": "CVE-2015-3197",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",
            "It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd."
        ],
        "upstream_fix": "httpd 2.2.34, httpd 2.4.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3167\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3167\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-3167",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.",
            "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "acknowledgement": "Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter.",
        "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0229\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0229"
        ],
        "name": "CVE-2024-0229",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0687\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0687\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0687",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.",
            "It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied."
        ],
        "upstream_fix": "httpd 2.4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3185\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3185\nhttp://httpd.apache.org/security/vulnerabilities_24.html#2.4.16"
        ],
        "name": "CVE-2015-3185",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2754\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2754"
        ],
        "name": "CVE-2020-2754",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-299",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.",
            "A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4748\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4748\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4748",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-08-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.",
            "A flaw was found in krb5. The Key Distribution Center (KDC) in MIT Kerberos 5 has a NULL pointer dereference via a FAST inner body that lacks a server field. An authenticated attacker could use this flaw to crash the Kerberos KDC server. The highest threat from this vulnerability is to system availability."
        ],
        "upstream_fix": "krb5 1.18.5, krb5 1.19.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-37750\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-37750"
        ],
        "name": "CVE-2021-37750",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2781\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2781"
        ],
        "name": "CVE-2020-2781",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.",
            "A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges."
        ],
        "upstream_fix": "openssh 7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6564\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6564\nhttp://www.openssh.com/txt/release-7.0"
        ],
        "name": "CVE-2015-6564",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2422\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2422"
        ],
        "name": "CVE-2019-2422",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-184",
        "details": [
            "It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.",
            "It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document."
        ],
        "statement": "This vulnerability affects only Red Hat Enterprise Linux version 7. Red Hat Enterprise Linux version 6 is not affected by this vulnerability because the set of fixes for CVE-2018-16509, released via  RHSA-2018:3760, was complete.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16863\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16863"
        ],
        "csaw": true,
        "name": "CVE-2018-16863"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.",
            "Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences."
        ],
        "statement": "This issue affects the versions of pkicore as shipped with Red Hat Certificate System 9. Red Hat Product Security has rated this issue as having security impact of Low. Please also note that all instances of \"authz.evaluateOrder\" are set to \"deny,allow\" by default. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Fraser Tweedale (Red Hat).",
        "upstream_fix": "PKI 10.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1080\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1080"
        ],
        "name": "CVE-2018-1080",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.",
            "A flaw was found in squid. Due to incorrect data validation, an HTTP Request Splitting attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "upstream_fix": "squid 4.13, squid 5.0.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15811\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15811"
        ],
        "name": "CVE-2020-15811",
        "mitigation": {
            "value": "Disable the relaxed HTTP parser in `squid.conf`:\n```\nrelaxed_header_parser off\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.",
            "Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. \nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 4.0.7, squid 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2569\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2569\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2569",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10067\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10067"
        ],
        "name": "CVE-2017-10067",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in \"ztype\" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.",
            "It was discovered that the ghostscript .type operator did not properly validate its operands. A specially crafted PostScript document could exploit this to crash ghostscript or, possibly, execute arbitrary code in the context of the ghostscript process."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16511\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16511"
        ],
        "name": "CVE-2018-16511",
        "mitigation": {
            "value": "Please see https://bugzilla.redhat.com/show_bug.cgi?id=1619748#c3",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.",
            "It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases will address this issue.\nPlease note that on x86-64 architecture systems the impact is limited to local Denial of Service and that the ping sockets functionality is disabled by default (net.ipv4.ping_group_range sysctl is \"10\").",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3636\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3636"
        ],
        "name": "CVE-2015-3636",
        "mitigation": {
            "value": "You can check whether ping socket functionality is enabled by examining the net.ipv4.ping_group_range sysctl value:\n~]# sysctl net.ipv4.ping_group_range\nnet.ipv4.ping_group_range = 10\n\"1 0\" is the default value and disables the ping socket functionality even for root user. Any other value means that the ping socket functionality might be enabled for certain users on the system.\nTo mitigate this vulnerability make sure that you either allow the functionality to trusted local users (groups) only or set the net.ipv4.ping_group_range sysctl to the default and disabled state:\n~]# sysctl net.ipv4.ping_group_range=\"1 0\"\nPlease note that this might prevent some programs relying on this functionality from functioning properly.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-776",
        "details": [
            "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080."
        ],
        "statement": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
        "acknowledgement": "This issue was discovered by Red Hat Product Security.",
        "upstream_fix": "jruby 1.7.16.2, ruby 1.9.3p551, ruby 2.0.0p598, ruby 2.1.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8090\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8090\nhttps://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"
        ],
        "name": "CVE-2014-8090",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-789",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency).  Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.\nNote: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21085\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21085\nhttps://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-21085",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-07-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22045\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22045"
        ],
        "name": "CVE-2023-22045",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2005-01-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.",
            "A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2005-1080\nhttps://nvd.nist.gov/vuln/detail/CVE-2005-1080"
        ],
        "name": "CVE-2005-1080",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",
            "The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2634\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2634"
        ],
        "name": "CVE-2018-2634",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14593\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14593"
        ],
        "name": "CVE-2020-14593",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.",
            "A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7575\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7575\nhttp://www.mitls.org/pages/attacks/SLOTH\nhttps://access.redhat.com/articles/2112261\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-150/"
        ],
        "name": "CVE-2015-7575",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3."
        ],
        "upstream_fix": "bind 9.11.4-P2, bind 9.12.2-P2, bind 9.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5741\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5741\nhttps://kb.isc.org/docs/cve-2018-5741"
        ],
        "name": "CVE-2018-5741",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-01-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.",
            "A memory leak was discovered in the systemd-login when a power-switch event is received. A physical attacker may trigger one of these events and leak bytes due to a missing free."
        ],
        "statement": "The version of systemd delivered in OpenShift Container Platform 4.1 and included in CoreOS images has been superseded by the version delivered in Red Hat Enterprise Linux 8. CoreOS updates for systemd will be consumed from Red Hat Enterprise Linux 8 channels.",
        "upstream_fix": "systemd 243",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20386\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20386"
        ],
        "name": "CVE-2019-20386",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.",
            "A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service."
        ],
        "upstream_fix": "systemd 234",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1049\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1049"
        ],
        "name": "CVE-2018-1049",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.",
            "It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state."
        ],
        "acknowledgement": "Red Hat would like to thank Jann Horn (Google Project Zero) and Ubuntu for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15686\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15686"
        ],
        "name": "CVE-2018-15686",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.",
            "A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.9.8-P3, bind 9.10.3-P3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8704\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8704\nhttps://kb.isc.org/article/AA-01335"
        ],
        "name": "CVE-2015-8704",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.",
            "It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client."
        ],
        "acknowledgement": "Red Hat would like to thank Julien Bernard (Viagénie) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3698\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3698"
        ],
        "name": "CVE-2016-3698",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17961\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17961"
        ],
        "name": "CVE-2018-17961",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.",
            "It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4749\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4749\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4749",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4868\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4868\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4868",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.",
            "A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Michal Zalewski (Google) as the original reporter.",
        "upstream_fix": "openssl 1.0.2a, openssl 1.0.1m, openssl 1.0.0r, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0289\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0289\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0289",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.",
            "A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.4.2, ruby 2.2.8, ruby 2.3.5, rubygems 2.6.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0902\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0902\nhttp://blog.rubygems.org/2017/08/27/2.6.13-released.html"
        ],
        "name": "CVE-2017-0902",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.",
            "A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users."
        ],
        "upstream_fix": "openssh 7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6563\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6563\nhttp://www.openssh.com/txt/release-7.0"
        ],
        "name": "CVE-2015-6563",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.",
            "It was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones (DLZs). An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the \"allow-transfer\" ACL."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.11.5-P4, bind 9.12.3-P4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6465\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6465\nhttps://kb.isc.org/docs/cve-2019-6465"
        ],
        "name": "CVE-2019-6465",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
            "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash."
        ],
        "statement": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
        "acknowledgement": "Red Hat would like to thank Hanno Böck for reporting this issue.",
        "upstream_fix": "httpd 2.4.28, httpd 2.2.35",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9798\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9798\nhttps://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
        ],
        "name": "CVE-2017-9798",
        "mitigation": {
            "value": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-126",
        "details": [
            "A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.",
            "A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure."
        ],
        "upstream_fix": "squid 5.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-41318\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41318\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78"
        ],
        "name": "CVE-2022-41318",
        "mitigation": {
            "value": "Disable use of the vulnerable authentication scheme.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-09-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.",
            "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter.",
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6306\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6306\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-6306",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-402",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21540\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21540"
        ],
        "name": "CVE-2022-21540",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21366\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21366"
        ],
        "name": "CVE-2022-21366",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.",
            "A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling."
        ],
        "upstream_fix": "httpd 2.4.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22720\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22720\nhttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720"
        ],
        "name": "CVE-2022-22720",
        "mitigation": {
            "value": "There are currently no known mitigations for this issue.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.",
            "A flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0470\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0470\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0470",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in Artifex Ghostscript before 9.24. Incorrect \"restoration of privilege\" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction.",
            "It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document."
        ],
        "statement": "This issue did affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7. \nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16509\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16509\nhttp://seclists.org/oss-sec/2018/q3/142"
        ],
        "csaw": true,
        "name": "CVE-2018-16509",
        "mitigation": {
            "value": "* ImageMagick relies on ghostscript when processing certain file formats. Thus, ImageMagick can be used as an attack vector. In order to prevent ImageMagick from processing those files on Red Hat Enterprise Linux 6 and 7, you can disable the use of ghostscript and the processing of PS, EPS, PDF, and XPS file formats in ImageMagick's security policy by opening /etc/ImageMagick/policy.xml and adding the following lines to the \"<policymap>\" section of the file:\n```\n<policy domain=\"coder\" rights=\"none\" pattern=\"PS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PDF\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"XPS\" />\n<policy domain=\"delegate\" rights=\"none\" pattern=\"gs\" />\n```\n* Additionally, this issue can be triggered when processing files in order to generate thumbnails, for example when browsing a folder containing a malicious PostScript file in Nautilus. To prevent this, remove or rename the \"/usr/bin/evince-thumbnailer\" executable.\nIn Red Hat Enterprise Linux v.7.6 and above, the thumbnailing is done in a sandbox.\n* It is possible to run PDF/PS viewers, such as evince and okular, in a SELinux sandbox using the `sandbox` command from the policycoreutils-sandbox package:\n$ sandbox -X evince <untrusted-file.pdf>\nThe sandbox will prevent an attacker from making modifications to the file system.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.",
            "A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed."
        ],
        "statement": "The xorg-x11-server-Xwayland package as shipped by Red Hat Enterprise Linux 8 and 9 is not affected by this issue as Xwayland does not support multiple protocol screens and is not affected by this vulnerability.",
        "upstream_fix": "xorg-server 21.1.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5380\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5380\nhttps://lists.x.org/archives/xorg-announce/2023-October/003430.html"
        ],
        "name": "CVE-2023-5380",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-73",
        "details": [
            "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access."
        ],
        "upstream_fix": "qt 5.14.0, qt 5.12.7, qt 5.9.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0569\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0569"
        ],
        "name": "CVE-2020-0569",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-07-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-304",
        "details": [
            "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.",
            "It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks."
        ],
        "statement": "This issue does not affect the default OpenSSH sshd configuration in Red Hat Enterprise Linux 4, 5, 6 and 7.",
        "upstream_fix": "openssh 7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5600\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5600\nhttps://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/"
        ],
        "name": "CVE-2015-5600",
        "mitigation": {
            "value": "This issue can be mitigated by disabling keyboard-interactive authentication method.  That can be achieved by setting \"ChallengeResponseAuthentication no\" in the /etc/ssh/sshd_config configuration file and restarting the sshd service.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3500\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3500\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3500",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.",
            "A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10207\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10207"
        ],
        "name": "CVE-2016-10207",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.",
            "A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity."
        ],
        "statement": "Red Hat Enterprise Linux 8.3 (pki-core 10.9.4) contains mitigations that prevents the vulnerability to be exploited. Red Hat Enterprise Linux version 8 prior to 8.3 are vulnerable to this version",
        "upstream_fix": "pki-core 10.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25715\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25715"
        ],
        "name": "CVE-2020-25715",
        "mitigation": {
            "value": "Because the cross-site scripting (XSS) attack requires the victim to have their RHCS certificate installed in their web browser to be successful, it is recommended that web browser not hold the keys and that the user use the command line interface (CLI) instead.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3169\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3169"
        ],
        "name": "CVE-2018-3169",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-270",
        "details": [
            "In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.",
            "It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface."
        ],
        "upstream_fix": "flatpak 0.8.9, flatpak 0.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6560\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6560"
        ],
        "name": "CVE-2018-6560",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2602\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2602"
        ],
        "name": "CVE-2019-2602",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.",
            "It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7978\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7978"
        ],
        "name": "CVE-2016-7978",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.",
            "A flaw was found in the way the cups-browsed daemon interpreted the \"BrowseAllow\" directive in the cups-browsed.conf file. An attacker able to add a malformed \"BrowseAllow\" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions."
        ],
        "upstream_fix": "cups-filters 1.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4338\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4338"
        ],
        "name": "CVE-2014-4338",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-90->CWE-476",
        "details": [
            "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5729\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5729"
        ],
        "name": "CVE-2018-5729",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.",
            "A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Benjamin (Google), Hanno Böck, and Huzaifa Sidhpurwala (Red Hat) as the original reporters.",
        "upstream_fix": "openssl 1.0.1o, openssl 1.0.2c",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2108\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2108\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2108",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.",
            "A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server."
        ],
        "statement": "This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 5, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat Enterprise JBoss Enterprise Web Server 1 and 2.",
        "upstream_fix": "openssl 1.0.1j",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3513\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3513\nhttps://www.openssl.org/news/secadv_20141015.txt"
        ],
        "name": "CVE-2014-3513",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files."
        ],
        "upstream_fix": "openssh 7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15906\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15906"
        ],
        "name": "CVE-2017-15906",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2952\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2952"
        ],
        "name": "CVE-2018-2952",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1."
        ],
        "upstream_fix": "squid 4.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12525\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12525\nhttp://www.squid-cache.org/Advisories/SQUID-2019_3.txt"
        ],
        "name": "CVE-2019-12525",
        "mitigation": {
            "value": "Remove 'auth_param digest ...' configuration settings from squid.conf.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-21T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.",
            "It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER."
        ],
        "acknowledgement": "This issue was discovered by Cedric Buissart (Red Hat).",
        "upstream_fix": "ghostscript 9.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3838\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3838\nhttps://bugs.ghostscript.com/show_bug.cgi?id=700576"
        ],
        "name": "CVE-2019-3838",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4840\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4840\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4840",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10194\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10194"
        ],
        "name": "CVE-2018-10194",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-918",
        "details": [
            "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
            "A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and inaccessible otherwise. The impact of this flaw varies based on what services and resources are available on the httpd network."
        ],
        "statement": "Impact of the flaw set to Important because the actions an attacker can do varies a lot based on the kind of infrastructure in place, the kind of internal services and resources, and the available endpoints on those services. The attacker should also perform some kind of target-specific reconnaissance in order to find out all the above information.\nThe version of httpd as shipped in Red Hat Enterprise Linux 7 is affected by this flaw even if the upstream code was not, because the Unix Domain Socket support required to trigger the flaw was backported.\nThe version of httpd as shipped in Red hat Enterprise Linux 6 is not affected by this flaw because there is no support for Unix Domain Socket.\nThe flaw can be triggered only if mod_proxy is in use (e.g. ProxyPass, ReverseProxy is used in the httpd configuration files).",
        "upstream_fix": "httpd 2.4.49",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-40438\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-40438\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        ],
        "name": "CVE-2021-40438",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
            "A flaw was found in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Hiroki MATSUKUMA (Cyber Defense Institute) as the original reporter.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14811"
        ],
        "name": "CVE-2019-14811",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.",
            "It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16540\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16540\nhttps://www.artifex.com/news/ghostscript-security-resolved/\nhttps://www.kb.cert.org/vuls/id/332928"
        ],
        "name": "CVE-2018-16540",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-125",
        "details": [
            "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read."
        ],
        "upstream_fix": "qt 5.15.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-17507\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-17507"
        ],
        "name": "CVE-2020-17507",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.",
            "A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password."
        ],
        "statement": "This issue does not affect the version of krb5 package as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2694\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2694"
        ],
        "name": "CVE-2015-2694",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2659\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2659"
        ],
        "name": "CVE-2020-2659",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-924",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21930\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21930"
        ],
        "name": "CVE-2023-21930",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.",
            "An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid."
        ],
        "upstream_fix": "squid 3.5.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4553\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4553\nhttp://www.squid-cache.org/Advisories/SQUID-2016_7.txt"
        ],
        "name": "CVE-2016-4553",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3587\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3587\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3587",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.",
            "A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory."
        ],
        "statement": "This did not affect openssl packages in Red Hat Enterprise Linux 5 (based on upstream 0.9.8e) and openssl 1.0.0 packages in Red Hat Enterprise Linux 6 (i.e. packages released before RHBA-2013:1585, which rebased openssl from 1.0.0 to 1.0.1e).  The issue was introduced upstream in versions 0.9.8o and 1.0.0a.",
        "upstream_fix": "openssl 1.0.1i, openssl 1.0.0n, openssl 0.9.8zb",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3507\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3507\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3507",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2973\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2973"
        ],
        "name": "CVE-2019-2973",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2796\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2796"
        ],
        "name": "CVE-2018-2796",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19476\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19476"
        ],
        "name": "CVE-2018-19476",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-182|CWE-400)",
        "details": [
            "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2",
            "A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages."
        ],
        "statement": "This issue can be exploitable when the Squid request_header_max_size and reply_header_max_size configuration options have a big value, specifically, values greater than 64KB. In Squid versions prior to 6.5, the default values of these options are unsafe.\nThe Squid package as shipped in Red Hat Enterprise Linux 7, 8 and 9 has an unsafe default configuration and is vulnerable to this issue.",
        "upstream_fix": "squid 6.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-25617\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-25617\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr\nhttps://megamansec.github.io/Squid-Security-Audit/response-memleaks.html"
        ],
        "name": "CVE-2024-25617",
        "mitigation": {
            "value": "To mitigate this flaw in Squid versions prior to 6.5, set the request_header_max_size and reply_header_max_size configuration options to 21KB. The following lines should be added to the Squid configuration file:\n~~~\nrequest_header_max_size 21 KB\nreply_header_max_size 21 KB\n~~~\nIn Squid versions 6.5 and newer, the default values of these options are considered safe and the above configuration can be removed. Also, Squid will emit a warning in the logs if the configured values are unsafe.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-567",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4732\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4732\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2603\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2603"
        ],
        "name": "CVE-2018-2603",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-117",
        "details": [
            "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later."
        ],
        "upstream_fix": "squid 3.5.28, squid 4.0.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000027\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000027"
        ],
        "name": "CVE-2018-1000027",
        "mitigation": {
            "value": "A workaround for this issue is to set the \"log_uses_indirect_client off\" configuration directive in the squid configuration file (for example /etc/squid/squid.conf).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-07-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and  21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21131\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21131"
        ],
        "name": "CVE-2024-21131",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability."
        ],
        "statement": "The versions of httpd package shipped with Red Hat Enterprise Linux are by default configured in prefork MPM mode, which means that this flaw can result in a crash of child process. The main web server process will not be killed. Also, though the module is loaded by default, it needs to be specifically enabled in order to be exposed to the security flaw.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1303\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1303"
        ],
        "name": "CVE-2018-1303",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",
            "A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers."
        ],
        "upstream_fix": "httpd 2.4.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10098\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10098\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2019-10098",
        "mitigation": {
            "value": "This flaw requires the use of certain Rewrite configuration directives.  The following command can be used to search for possible vulnerable configurations:\ngrep -R '^\\s*Rewrite' /etc/httpd/\nSee https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.",
            "A flaw was found in squid. Due to incorrect data validation, an HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "upstream_fix": "squid 4.13, squid 5.0.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15810\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15810"
        ],
        "name": "CVE-2020-15810",
        "mitigation": {
            "value": "Disable the relaxed HTTP parser in `squid.conf`:\n```\nrelaxed_header_parser off\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-319",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14781\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14781"
        ],
        "name": "CVE-2020-14781",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-39399\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39399"
        ],
        "name": "CVE-2022-39399",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14797\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14797"
        ],
        "name": "CVE-2020-14797",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-01-17T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and  21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21830\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21830"
        ],
        "name": "CVE-2023-21830",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-693",
        "details": [
            "Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.",
            "Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to enable escalation of privilege via local access."
        ],
        "upstream_fix": "linux-firmware 20230804",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46329\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46329\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
        ],
        "name": "CVE-2022-46329",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.",
            "It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the \"lwres\" statement in named.conf."
        ],
        "upstream_fix": "bind 9.9.9-P2, bind 9.10.4-P2, bind 9.11.0b2, bind 9.9.9-S3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2775\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2775\nhttps://kb.isc.org/article/AA-01393/"
        ],
        "name": "CVE-2016-2775",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22049\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22049"
        ],
        "name": "CVE-2023-22049",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
        ],
        "statement": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\nRed Hat Virtualization includes a vulnerable version of ruby, however the affected functionality is not used in Red Hat Virtualization or any of its dependencies. A future update may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16395\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16395\nhttps://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
        ],
        "name": "CVE-2018-16395",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-03-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
            "A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack."
        ],
        "statement": "While Red Hat initially stated not to be directly affected by this flaw, after further investigation we found that the versions of OpenSSL as shipped in Red Hat Enterprise Linux 6, 7, and 8 are vulnerable to a denial of service attack through malicious Elliptic Curve parameters. During processing of the parameters OpenSSL will call BN_mod_sqrt() with invalid arguments, causing the process to enter an infinite loop. The invalid EC parameters can be provided to OpenSSL through X.509 certificates (used in TLS connections), through public and private keys, through certificate signing requests and other places where applications process Elliptic Curve parameters. The flaw has been rated as having a security impact of Important. A future update will address this issue in Red Hat Enterprise Linux 6, 7 and 8.",
        "upstream_fix": "openssl 1.0.2zd, openssl 1.1.1n, openssl 3.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-0778\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0778\nhttps://www.openssl.org/news/secadv/20220315.txt"
        ],
        "name": "CVE-2022-0778",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-17T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and  21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22067\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22067"
        ],
        "name": "CVE-2023-22067",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.",
            "A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0800\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0800\nhttps://access.redhat.com/articles/2176731\nhttps://www.drownattack.com/\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "csaw": true,
        "name": "CVE-2016-0800"
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.",
            "An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Emilia Käsper as the original reporter.",
        "upstream_fix": "openssl 1.0.2a, openssl 1.0.1m, openssl 1.0.0r, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0287\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0287\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0287",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-17T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and  22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22081\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22081"
        ],
        "name": "CVE-2023-22081",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.",
            "A type confusion vulnerability was found in OpenSSL in the processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network."
        ],
        "statement": "Shim in Red Hat Enterprise Linux 8 & 9 is not affected, as shim doesn't support any CRL processing.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-0286\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0286\nhttps://www.openssl.org/news/secadv/20230207.txt"
        ],
        "name": "CVE-2023-0286",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2369\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2369"
        ],
        "name": "CVE-2021-2369",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.",
            "It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2179\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2179\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2179",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.",
            "An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four."
        ],
        "statement": "This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates in the respective releases may address this issue.\nThis issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1593\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1593"
        ],
        "name": "CVE-2015-1593",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21968\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21968"
        ],
        "name": "CVE-2023-21968",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-532",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).",
            "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20945\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20945\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20945",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.",
            "It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it."
        ],
        "statement": "This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Low security impact and does not plan to address this flaw for the above components in any future security updates.\nThis issue affects the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 1.0.0p, OpenSSL 0.9.8zd",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3570\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3570\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-3570",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14621\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14621"
        ],
        "name": "CVE-2020-14621",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-266|CWE-250)",
        "details": [
            "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\"",
            "It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10143\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10143"
        ],
        "name": "CVE-2019-10143",
        "mitigation": {
            "value": "Add `su radiusd:radiusd` to all log sections in /etc/logrotate.d/radiusd.\nBy keeping SELinux in \"Enforcing\" mode, radiusd user will be limited in the directories he can write to.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.",
            "Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2177\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2177\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2177",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
            "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20919\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20919\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20919",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.",
            "A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Benkocs Norbert Attila as the original reporter.",
        "upstream_fix": "postgresql 9.4.2, postgresql 9.3.7, postgresql 9.2.11, postgresql 9.1.16, postgresql 9.0.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3165\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3165"
        ],
        "name": "CVE-2015-3165",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4872\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4872\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4872",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.",
            "A flaw was found in Squid, which is susceptible to a Denial of Service (DoS) due to an Uncontrolled Recursion bug, specifically targeting HTTP Request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This issue poses a threat to the stability and availability of the Squid service."
        ],
        "statement": "Squid configurations lacking the \"follow_x_forwarded_for\" setting are not susceptible to the vulnerability.",
        "upstream_fix": "squid 6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-50269\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-50269\nhttp://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch\nhttp://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3"
        ],
        "name": "CVE-2023-50269",
        "mitigation": {
            "value": "Remove all \"follow_x_forwarded_for\" lines from squid.conf.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-126",
        "details": [
            "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "A buffer over-read flaw was found in Squid's HTTP Message processing feature. This issue may allow attackers to perform remote denial of service."
        ],
        "statement": "The only security impact of this vulnerability is a remote denial of service. For this reason, this flaw was rated with an important, and not critical, severity.",
        "upstream_fix": "squid 6.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-49285\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49285"
        ],
        "name": "CVE-2023-49285",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",
            "It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10198\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10198"
        ],
        "name": "CVE-2017-10198",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.",
            "It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 1.0.0p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0205\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0205\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2015-0205",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-1173->CWE-502",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21293\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21293"
        ],
        "name": "CVE-2022-21293",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.",
            "An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote, authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so."
        ],
        "statement": "Red Hat Satellite 5 is in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Jeff Janes as the original reporter.",
        "upstream_fix": "postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgresql 9.5.8, postgresql 9.6.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7547\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7547\nhttps://www.postgresql.org/about/news/1772/"
        ],
        "name": "CVE-2017-7547",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-822",
        "details": [
            "PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.",
            "A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Heikki Linnakangas as the original reporter.",
        "upstream_fix": "postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5423\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5423"
        ],
        "name": "CVE-2016-5423",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2800\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2800"
        ],
        "name": "CVE-2020-2800",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-532",
        "details": [
            "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0448\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0448\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0448",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.",
            "A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash."
        ],
        "upstream_fix": "bind 9.9.6-P1, bind 9.10.1-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8500\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8500\nhttps://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html"
        ],
        "name": "CVE-2014-8500",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14577\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14577"
        ],
        "name": "CVE-2020-14577",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-14T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "A flaw was found in the \"Leaf and Chain\" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.",
            "A flaw was found in the \"Leaf and Chain\" OCSP policy implementation in JSS' CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle."
        ],
        "statement": "Red Hat Certificate System 9.4 and above use the vulnerable policy.\nRed Hat Enterprise Satellite 6 does not ship a vulnerable version of the JSS library.",
        "acknowledgement": "Red Hat would like to thank Alexander Scheel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14823\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14823"
        ],
        "name": "CVE-2019-14823",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-10-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.",
            "An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "upstream_fix": "xorg-server 21.1.9, xwayland 23.2.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5367\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5367\nhttps://lists.x.org/archives/xorg-announce/2023-October/003430.html"
        ],
        "name": "CVE-2023-5367",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2797\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2797"
        ],
        "name": "CVE-2018-2797",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000073\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000073\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000073",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-11-26T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.",
            "A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations."
        ],
        "statement": "This vulnerability is classified as moderate severity instead of important because it primarily affects the integrity of logging rather than directly compromising system confidentiality, availability, or functionality. While an attacker can manipulate log entries to mislead administrators or obfuscate their actions, the impact is limited to the interpretation of logs and does not inherently grant the attacker elevated privileges or direct control over the system. Additionally, the spoofing relies on administrators overlooking inconsistencies, making the success of exploitation context-dependent and less universally impactful. These factors reduce the overall risk compared to vulnerabilities that enable direct compromise or significant disruption.",
        "acknowledgement": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-52337\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-52337\nhttps://security.opensuse.org/2024/11/26/tuned-instance-create.html\nhttps://www.openwall.com/lists/oss-security/2024/11/28/1"
        ],
        "name": "CVE-2024-52337",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-11-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "In Red Hat Gluster Storage 3, PostgreSQL (embedded in rhevm-dependencies) was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters.\nIn Red Hat Virtualization the manager appliance uses a vulnerable version of postgresql. Once a fix has been shipped for RHEL 8 the appliance can consume the fix via a regular yum update.",
        "acknowledgement": "Red Hat would like to thank Peter Eisentraut for reporting this issue.",
        "upstream_fix": "postgresql 13.1, postgresql 12.5, postgresql 11.10, postgresql 10.15, postgresql 9.6.20, postgresql 9.5.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25694\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25694\nhttps://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"
        ],
        "name": "CVE-2020-25694",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.",
            "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication."
        ],
        "upstream_fix": "httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2161\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2161\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
        ],
        "name": "CVE-2016-2161",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-02-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3533\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3533\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3533",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.",
            "It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service."
        ],
        "statement": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of rh-ruby24-ruby.\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.8, ruby 2.3.5, ruby 2.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14033\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14033\nhttps://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/"
        ],
        "name": "CVE-2017-14033",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
            "An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function."
        ],
        "statement": "No httpd module in Red Hat Enterprise Linux and Red Hat Software Collections passes untrusted data to the ap_escape_quotes function, thus the Impact of the flaw has been set to Moderate.",
        "upstream_fix": "httpd 2.4.49",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-39275\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-39275"
        ],
        "name": "CVE-2021-39275",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14579\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14579"
        ],
        "name": "CVE-2020-14579",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400->CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21426\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21426"
        ],
        "name": "CVE-2022-21426",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.",
            "It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent."
        ],
        "statement": "In order to exploit this flaw, the attacker needs to have control of the forwarded agent-socket and the ability to write to the filesystem of the host running ssh-agent. Because of this restriction for successful exploitation, this issue has been rated as having Moderate security impact. A future update may address this flaw.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10009\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10009\nhttps://www.openssh.com/txt/release-7.4"
        ],
        "name": "CVE-2016-10009",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.",
            "An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reach an inconsistent state or cause a denial of service. A majority of BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled."
        ],
        "statement": "Upstream has released additional information about this flaw. Details available at: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tobias Klein as the original reporter.",
        "upstream_fix": "bind 9.11.19, bind 9.14.12, bind 9.16.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8617\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8617\nhttps://kb.isc.org/docs/cve-2020-8617"
        ],
        "name": "CVE-2020-8617",
        "mitigation": {
            "value": "BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled. Upstream recommends using a random value in session-keyname as a workaround. This can be added to the named.conf configuration file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3550\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3550\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3550",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.",
            "It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process."
        ],
        "statement": "In order to exploit this flaw, the attacker needs to first compromise the sandboxed privilege-separation process by using another security flaw. Because of this restriction for successful exploitation, this issue has been rated as having Low security impact.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10012\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10012\nhttps://www.openssh.com/txt/release-7.4"
        ],
        "name": "CVE-2016-10012",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.",
            "A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "acknowledgement": "This issue was discovered by Peter Hutterer (Red Hat).",
        "upstream_fix": "xorg-server 21.1.10, xwayland 23.2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6478\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6478\nhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632\nhttps://lists.x.org/archives/xorg-announce/2023-December/003435.html"
        ],
        "name": "CVE-2023-6478",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3272\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3272"
        ],
        "name": "CVE-2017-3272",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2795\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2795"
        ],
        "name": "CVE-2018-2795",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.",
            "It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.10, ruby 2.3.7, ruby 2.4.4, ruby 2.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6914\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6914\nhttps://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/"
        ],
        "name": "CVE-2018-6914",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17183\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17183"
        ],
        "name": "CVE-2018-17183",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-09T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.",
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges."
        ],
        "statement": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Important because it allows a local attacker to crash systemd-journald or escalate his privileges. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16864\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16864\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt"
        ],
        "name": "CVE-2018-16864",
        "mitigation": {
            "value": "To increase the time an attacker needs to exploit this flaw you could override the `StartLimitInterval=` (called StartLimitIntervalSec in newer systemd versions) and `StartLimitBurst=` settings. In this way the attack may require much longer to be successful.\nTo edit the journald service use `sudo systemctl edit systemd-journald.service` and add:\n```\n[Service]\nStartLimitInterval=120\nStartLimitBurst=3\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
            "A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program."
        ],
        "statement": "This flaw affects versions 9.8.4 -> 9.16.32 of the Bind package, therefore Red Hat Enterprise Linux 6 is not affected.",
        "acknowledgement": "Red Hat would like to thank Maksym Odinintsev for reporting this issue.",
        "upstream_fix": "bind 9.16.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38177\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38177\nhttps://kb.isc.org/docs/cve-2022-38177"
        ],
        "name": "CVE-2022-38177",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.",
            "It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions."
        ],
        "upstream_fix": "openssh 7.2p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3115\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3115\nhttp://www.openssh.com/txt/x11fwd.adv"
        ],
        "name": "CVE-2016-3115",
        "mitigation": {
            "value": "Set X11Forwarding=no in sshd_config.\nFor authorized_keys that specify a \"command\" restriction, this issue can be mitigated by also setting the \"no-X11-forwarding\" restriction. In OpenSSH 7.2 and later, the \"restrict\" restriction can be used instead, which includes the \"no-X11-forwarding\" restriction.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se",
            "A vulnerability was found in X.Org. This flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46342\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46342"
        ],
        "name": "CVE-2022-46342",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2992\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2992"
        ],
        "name": "CVE-2019-2992",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-285->CWE-212",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21296\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21296"
        ],
        "name": "CVE-2022-21296",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.",
            "An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Carl Henrik Lunde for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9584\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9584"
        ],
        "name": "CVE-2014-9584",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.",
            "A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request."
        ],
        "acknowledgement": "Red Hat would like to thank Internet Systems Consortium for reporting this issue. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter.",
        "upstream_fix": "bind 9.9.10-P2, bind 9.10.5-P2, bind 9.11.1-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3143\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3143\nhttps://kb.isc.org/article/AA-01503"
        ],
        "name": "CVE-2017-3143",
        "mitigation": {
            "value": "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in parallel. For information on how to configure this type of compound authentication control, please see:\nhttps://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35564\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35564"
        ],
        "name": "CVE-2021-35564",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.",
            "A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7145\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7145"
        ],
        "name": "CVE-2014-7145",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the openssl098e as shipped with Red Hat Enterprise Linux 6.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Felix Gröbert and Ivan Fratrić (Google) as the original reporters.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3470\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3470\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-3470",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19409\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19409"
        ],
        "name": "CVE-2018-19409",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-697",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2388\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2388"
        ],
        "name": "CVE-2021-2388",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.",
            "A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5364\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5364"
        ],
        "name": "CVE-2015-5364",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.",
            "An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client."
        ],
        "statement": "This issue does not affect the version of OpenSSH as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue affects the version of OpenSSH as shipped with Red Hat Enterprise Linux 7 in a non-default configuration. For more information please refer to https://access.redhat.com/articles/2123781",
        "acknowledgement": "Red Hat would like to thank Qualys for reporting this issue.",
        "upstream_fix": "openssh 7.1p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0777\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0777\nhttp://www.openssh.com/txt/release-7.1p2\nhttps://access.redhat.com/articles/2123781\nhttps://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt"
        ],
        "csaw": true,
        "name": "CVE-2016-0777",
        "mitigation": {
            "value": "1. The vulnerable roaming code can be permanently disabled by adding the\nundocumented option \"UseRoaming no\" to the system-wide configuration\nfile (usually /etc/ssh/ssh_config), or per-user configuration file\n(~/.ssh/config), or command-line (-o \"UseRoaming no\").\n2. If an OpenSSH client is disconnected from an SSH server that offers\nroaming, it prints \"[connection suspended, press return to resume]\" on\nstderr, and waits for '\\n' or '\\r' on stdin (and not on the controlling\nterminal) before it reconnects to the server; advanced users may become\nsuspicious and press Control-C or Control-Z instead, thus avoiding the\ninformation leak.\nHowever, SSH commands that use the local stdin to transfer data to the\nremote server are bound to trigger this reconnection automatically (upon\nreading a '\\n' or '\\r' from stdin). Moreover, these non-interactive SSH\ncommands (for example, backup scripts and cron jobs) commonly employ\npublic-key authentication and are therefore perfect targets for this\ninformation leak.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2945\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2945"
        ],
        "name": "CVE-2019-2945",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.",
            "A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process."
        ],
        "upstream_fix": "squid 3.5.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4555\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4555\nhttp://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
        ],
        "name": "CVE-2016-4555",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.",
            "A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL reject further packets sent from a DTLS client over an established DTLS connection."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2181\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2181\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2181",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.",
            "A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service."
        ],
        "upstream_fix": "tigervnc 1.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5581\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5581"
        ],
        "name": "CVE-2017-5581",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228",
        "details": [
            "http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.",
            "It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. \nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 4.0.7, squid 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2572\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2572\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2572",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-08-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.",
            "It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5471\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5471"
        ],
        "name": "CVE-2014-5471",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14573\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14573"
        ],
        "name": "CVE-2020-14573",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-191->CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21443\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21443"
        ],
        "name": "CVE-2022-21443",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-09-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.",
            "A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6, JBoss Enterprise Web Server 1 and 2, and JBoss Application Platform 6.",
        "upstream_fix": "httpd 2.4.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3581\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3581"
        ],
        "name": "CVE-2014-3581",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
        ],
        "upstream_fix": "freeradius 3.0.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11234\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11234"
        ],
        "name": "CVE-2019-11234",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",
            "A flaw was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery ID during a key recovery request, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code."
        ],
        "statement": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "upstream_fix": "pki-core 10.10.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1721\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1721"
        ],
        "name": "CVE-2020-1721",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10355\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10355"
        ],
        "name": "CVE-2017-10355",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts).",
            "It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3253\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3253"
        ],
        "name": "CVE-2017-3253",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3180\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3180"
        ],
        "name": "CVE-2018-3180",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            "It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2637\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2637"
        ],
        "name": "CVE-2018-2637",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "2.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.",
            "It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information."
        ],
        "statement": "It seems that this flaw is not practically exploitable; the leak of host private key material to the privilege-separated child processes is theoretical. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users. Because of this restriction for successful exploitation, this issue has been rated as having Low security impact. A future update may address this flaw.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10011\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10011\nhttps://www.openssh.com/txt/release-7.4"
        ],
        "name": "CVE-2016-10011",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats."
        ],
        "statement": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates.\nRed Hat Virtualization includes a vulnerable version of ruby, however the affected functionality is not used in Red Hat Virtualization or any of its dependencies. A future update may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16396\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16396\nhttps://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/"
        ],
        "name": "CVE-2018-16396",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.",
            "It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2178\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2178\nhttp://eprint.iacr.org/2016/594\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2178",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14796\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14796"
        ],
        "name": "CVE-2020-14796",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-476)",
        "details": [
            "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.",
            "A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application."
        ],
        "statement": "This issue did not affect the version of krb5 as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4342\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4342"
        ],
        "name": "CVE-2014-4342",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-122",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",
            "An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0469\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0469\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0469",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2816"
        ],
        "name": "CVE-2019-2816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21967\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21967"
        ],
        "name": "CVE-2023-21967",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4733\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4733\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.",
            "Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid."
        ],
        "upstream_fix": "squid 3.5.17, squid 4.0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4054\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4054\nhttp://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
        ],
        "name": "CVE-2016-4054",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client."
        ],
        "statement": "This issue affects the version of tigervnc as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8240\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8240"
        ],
        "name": "CVE-2014-8240",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem writing to arbitrary filesystem locations during installation. This attack appears to be exploitable when the victim installs a malicious gem. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000079\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000079\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000079",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14792\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14792"
        ],
        "name": "CVE-2020-14792",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-09-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.",
            "It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.4.2, ruby 2.2.8, ruby 2.3.5, rubygems 2.6.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0900\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0900\nhttp://blog.rubygems.org/2017/08/27/2.6.13-released.html"
        ],
        "name": "CVE-2017-0900",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10108\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10108"
        ],
        "name": "CVE-2017-10108",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.",
            "A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses."
        ],
        "statement": "This issue in OpenSSH is mitigated by the usage of SELinux in Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6210\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6210"
        ],
        "name": "CVE-2016-6210",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3606\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3606\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3606",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.",
            "It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system was in a state that would cause the standard library functions to fail (for example, memory exhaustion), an authenticated user could possibly exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.",
        "upstream_fix": "postgresql 9.4.2, postgresql 9.3.7, postgresql 9.2.11, postgresql 9.1.16, postgresql 9.0.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3166\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3166"
        ],
        "name": "CVE-2015-3166",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.",
            "A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser."
        ],
        "statement": "This flaw is considered Low, because it requires the attacker to first request or predict a valid nonce. Without a valid nonce, no arbitrary HTML will be sent back to the victim's browser.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10146\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10146"
        ],
        "name": "CVE-2019-10146",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-06-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.",
            "A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests."
        ],
        "acknowledgement": "Red Hat would like to thank Egor Dimitrenko (Positive Technologies) for reporting this issue.",
        "upstream_fix": "pki-core 10.5.19, pki-core 10.7.5, pki-core 10.8.4, pki-core 10.11.3, pki-core 10.12.5, pki-core 11.0.6, pki-core 11.1.1, pki-core 11.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2414\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2414"
        ],
        "name": "CVE-2022-2414",
        "mitigation": {
            "value": "There is no known mitigation for this issue, please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-08-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-617",
        "details": [
            "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"",
            "A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid."
        ],
        "acknowledgement": "Red Hat would like to thank Squid project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter.",
        "upstream_fix": "squid 3.4.7, squid 3.3.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3609\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3609\nhttp://www.squid-cache.org/Advisories/SQUID-2014_2.txt"
        ],
        "name": "CVE-2014-3609",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10348\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10348"
        ],
        "name": "CVE-2017-10348",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2778\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2778"
        ],
        "name": "CVE-2020-2778",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.",
            "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2182\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2182\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2182",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
            "It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2601\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2601\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2601",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-613",
        "details": [
            "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded."
        ],
        "upstream_fix": "httpd 2.4.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17199\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17199"
        ],
        "name": "CVE-2018-17199",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.",
            "A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this flaw.",
        "acknowledgement": "Red Hat would like to thank Akira Fujita (NEC) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7822\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7822"
        ],
        "name": "CVE-2014-7822",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.",
            "It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords."
        ],
        "statement": "Red Hat Satellite 5 is in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Ben de Graaff, Jelte Fennema, and Jeroen van der Ham as the original reporters.",
        "upstream_fix": "postgresql 9.2.22, postgresql 9.3.18, postgresql 9.4.13, postgresql 9.5.8, postgresql 9.6.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7546\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7546\nhttps://www.postgresql.org/about/news/1772/"
        ],
        "name": "CVE-2017-7546",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.",
            "A memory leak flaw was found in the way OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server."
        ],
        "statement": "This issue does not affect the version of openssl shipped with Red Hat Enterprise Linux 5; Red Hat JBoss Enterprise Application Server 5 and 6; and Red Hat JBoss Enterprise Web Server 1 and 2 because openssl-0.9.8e does not include support for session tickets.",
        "upstream_fix": "openssl 0.9.8zc, openssl 1.0.0o, openssl 1.0.1j",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3567\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3567\nhttps://www.openssl.org/news/secadv_20141015.txt"
        ],
        "name": "CVE-2014-3567",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository."
        ],
        "upstream_fix": "openssl 1.0.2n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3738\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3738\nhttps://www.openssl.org/news/secadv/20171207.txt"
        ],
        "name": "CVE-2017-3738",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected."
        ],
        "upstream_fix": "openssl 1.0.2n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3737\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3737\nhttps://www.openssl.org/news/secadv/20171207.txt"
        ],
        "name": "CVE-2017-3737",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.",
            "An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure."
        ],
        "upstream_fix": "krb5 1.14.1, krb5 1.13.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8629\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8629"
        ],
        "name": "CVE-2015-8629",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-862->CWE-400",
        "details": [
            "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.",
            "A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory."
        ],
        "upstream_fix": "openssl 1.0.1i, openssl 1.0.0n, openssl 0.9.8zb",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3506\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3506\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3506",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.",
            "It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9278\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9278"
        ],
        "name": "CVE-2014-9278",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.4",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.",
            "A flaw was found in the way the nft_flush_table() function of the Linux kernel's netfilter tables implementation flushed rules that were referencing deleted chains. A local user who has the CAP_NET_ADMIN capability could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 (as they did not include support for netfilter tables API).\nThis issue affects the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG 2. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1573\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1573"
        ],
        "name": "CVE-2015-1573",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-21T21:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/ssbd",
        "acknowledgement": "Red Hat would like to thank Jann Horn (Google Project Zero) and Ken Johnson (Microsoft Security Response Center) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3639\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3639\nhttps://access.redhat.com/security/vulnerabilities/ssbd\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1528\nhttps://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf\nhttps://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        ],
        "csaw": true,
        "name": "CVE-2018-3639"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-822->CWE-125",
        "details": [
            "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.",
            "An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter.",
        "upstream_fix": "openssl 1.0.2a, openssl 1.0.1m, openssl 1.0.0r, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0286\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0286\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0286",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.",
            "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash."
        ],
        "statement": "This issue affects version 219-62 of systemd as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3815\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3815"
        ],
        "name": "CVE-2019-3815",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts).",
            "It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5546\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5546"
        ],
        "name": "CVE-2016-5546",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).",
            "A flaw was found in Squid, where a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This issue occurs because the attacker can overflow the nonce reference counter, which results in remote code execution if the pooled token credentials are freed."
        ],
        "upstream_fix": "squid 4.11, squid 5.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11945\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11945\nhttp://www.squid-cache.org/Advisories/SQUID-2020_4.txt"
        ],
        "name": "CVE-2020-11945",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"",
            "A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash."
        ],
        "statement": "Samba in RHEL does not implement the AD DC role and is not built against Heimdal, thus Samba is not affected by this CVE.",
        "upstream_fix": "krb5 1.20.1, krb5 1.19.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42898\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42898\nhttps://mailman.mit.edu/pipermail/krbdev/2022-November/013576.html"
        ],
        "name": "CVE-2022-42898",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2684\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2684"
        ],
        "name": "CVE-2019-2684",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.",
            "A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7396\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7396"
        ],
        "name": "CVE-2017-7396",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-253",
        "details": [
            "The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.",
            "A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7796\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7796"
        ],
        "name": "CVE-2016-7796",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2601\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2601"
        ],
        "name": "CVE-2020-2601",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2964\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2964"
        ],
        "name": "CVE-2019-2964",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T17:25:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.",
            "A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content."
        ],
        "statement": "This flaw is rated Moderate because the configuration setting that makes pki-core vulnerable - directory-based authentication - is disabled by default and the damage is somewhat limited to the domain where the ids are recognized (for example, in one corporation's realm). RHEL 8.7 was never affected as the fix rebased in RHEL 8.7 GA.",
        "acknowledgement": "This issue was discovered by Tim Bielawa (Red Hat, Inc.).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2393\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2393"
        ],
        "name": "CVE-2022-2393",
        "mitigation": {
            "value": "This flaw is not exposed if directory-based authentication is not enabled. It is not enabled by default.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.",
            "A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash."
        ],
        "upstream_fix": "xerces-c 3.1.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0252\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0252\nhttp://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"
        ],
        "name": "CVE-2015-0252",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).",
            "It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2599\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2599"
        ],
        "name": "CVE-2018-2599",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.",
            "A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion."
        ],
        "acknowledgement": "This issue was discovered by Simo Sorce (Red Hat).",
        "upstream_fix": "krb5 1.14.1, krb5 1.13.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8631\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8631"
        ],
        "name": "CVE-2015-8631",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command.",
            "An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2180\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2180\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2180",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-09T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.",
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges."
        ],
        "statement": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Important because it allows an attacker to crash systemd-journald or escalate his privileges. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Enterprise Linux 7 ships systemd-journal-remote through the optional systemd-journal-gateway package, which is not installed, nor enabled by default.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16865\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16865\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt"
        ],
        "name": "CVE-2018-16865",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.",
            "A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "statement": "- Red Hat Certificate System 10.1 has been fixed via the Red Hat Enterprise Linux 8 errata RHSA-2021:0966\n- Red Hat Certificate System 10.2 and newer are not affected by this flaw",
        "acknowledgement": "Red Hat would like to thank Fraser Tweedale and Geetika Kapoor for reporting this issue.",
        "upstream_fix": "pki-core 10.5, pki-core 10.8, pki-core 10.9, pki-core 10.10, pki-core 10.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20179\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20179"
        ],
        "name": "CVE-2021-20179",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-04-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-179",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21476\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21476"
        ],
        "name": "CVE-2022-21476",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10115\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10115"
        ],
        "name": "CVE-2017-10115",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.",
            "A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4171\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4171"
        ],
        "name": "CVE-2014-4171",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-325",
        "details": [
            "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
        ],
        "statement": "1. For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed:\n- The ciphersuite used must be an obsolete CBC cipher without a stitched implementation (or the system must be in FIPS mode)\n- the attacker has to be a MITM\n- the attacker has to be able to control the client side to send requests to the buggy server on demand",
        "upstream_fix": "openssl 1.0.2r",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1559\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1559\nhttps://github.com/RUB-NDS/TLS-Padding-Oracles\nhttps://www.openssl.org/news/secadv/20190226.txt"
        ],
        "name": "CVE-2019-1559",
        "mitigation": {
            "value": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).",
            "It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2629\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2629"
        ],
        "name": "CVE-2018-2629",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.",
            "It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3427\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3427\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        ],
        "name": "CVE-2016-3427",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.",
            "It was discovered that ghostscript did not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16542\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16542"
        ],
        "name": "CVE-2018-16542",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable when the victim browses to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000078\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000078\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000078",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.",
            "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial of service via gopher URL requests."
        ],
        "upstream_fix": "squid 6.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-46728\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46728\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f\nhttps://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html"
        ],
        "name": "CVE-2023-46728",
        "mitigation": {
            "value": "To mitigate this issue, create an access list configuration to reject all gopher URL requests:\nSet ACL directives in your squid.conf file (or equivalent) as follows:\nacl gopher proto gopher\nhttp_access deny gopher\nImportant: This sequence must be placed above any lines starting with \"http_access allow\" in your configuration.\nObservation: Some loss of performance may occur with this configuration.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
            "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key."
        ],
        "upstream_fix": "openssl 1.1.0i, openssl 1.0.2p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0737\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0737\nhttp://www.openwall.com/lists/oss-security/2018/04/16/3\nhttps://www.openssl.org/news/secadv/20180416.txt"
        ],
        "name": "CVE-2018-0737",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.",
            "A flaw was found in squid. Due to improper validation while parsing the request URI, squid is vulnerable to HTTP request smuggling. This issue could allow a trusted client to perform an HTTP request smuggling attack and access services otherwise forbidden by squid. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "This flaw is not tied to a specific proxy type (e.g., forward or reverse) and has been rated as having a security impact of Important. This flaw affects the versions of Squid as shipped with Red Hat Enterprise Linux 7 and 8, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Extended Life Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "squid 4.14, squid 5.0.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25097\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25097\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6"
        ],
        "name": "CVE-2020-25097",
        "mitigation": {
            "value": "This flaw can be mitigated by setting the `uri_whitespace` directive in squid.conf to either: \n```\nuri_whitespace deny\n```\nor\n```\nuri_whitespace encode\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-390",
        "details": [
            "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue.",
            "A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions."
        ],
        "upstream_fix": "openssl 1.0.1i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3511\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3511\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3511",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts).",
            "It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5547\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5547"
        ],
        "name": "CVE-2016-5547",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-325",
        "details": [
            "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
            "A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5383\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5383\nhttps://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html\nhttps://www.kb.cert.org/vuls/id/304725"
        ],
        "name": "CVE-2018-5383",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.",
            "An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7395\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7395"
        ],
        "name": "CVE-2017-7395",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1173",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21496\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21496"
        ],
        "name": "CVE-2022-21496",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.",
            "A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "This issue was discovered by Ji Jianwen (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3212\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3212"
        ],
        "name": "CVE-2015-3212",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.",
            "A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Anat Bremler-Barr (Interdisciplinary Center (IDC), Herzliya), and Lior Shafir and Yehuda Afek (Tel Aviv University) as the original reporters.",
        "upstream_fix": "bind 9.11.19, bind 9.14.12, bind 9.16.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8616\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8616\nhttps://kb.isc.org/docs/cve-2020-8616\nhttps://www.theregister.co.uk/2020/05/21/nxnaattack_bug_disclosed/"
        ],
        "name": "CVE-2020-8616",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-626",
        "details": [
            "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.",
            "It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script."
        ],
        "statement": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "ruby 2.2.10, ruby 2.3.7, ruby 2.4.4, ruby 2.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8779\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8779\nhttps://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/"
        ],
        "name": "CVE-2018-8779",
        "mitigation": {
            "value": "It is possible to test for the presence of the NULL byte manually prior to calling the affected methods.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14779\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14779"
        ],
        "name": "CVE-2020-14779",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.",
            "It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1 and CloudForms 5. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.9, ruby 2.3.6, ruby 2.4.3, ruby 2.5.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17405\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17405\nhttps://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/"
        ],
        "name": "CVE-2017-17405",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35561\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35561"
        ],
        "name": "CVE-2021-35561",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.",
            "It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Robert Haas as the original reporter.",
        "upstream_fix": "postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7484\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7484\nhttps://www.postgresql.org/about/news/1746/"
        ],
        "name": "CVE-2017-7484",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3214\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3214"
        ],
        "name": "CVE-2018-3214",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2799\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2799"
        ],
        "name": "CVE-2018-2799",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2988\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2988"
        ],
        "name": "CVE-2019-2988",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-567",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            "It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2579\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2579"
        ],
        "name": "CVE-2018-2579",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the \"file forwarding\" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit \"`Disallow @@ and @@U usage in desktop files`\". The follow-up commits \"`dir: Reserve the whole @@ prefix`\" and \"`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`\" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`.",
            "A sandbox escape flaw was found in the way flatpak handled special tokens in \".desktop\" files. This flaw allows an attacker to gain access to files that are not ordinarily allowed by the app's permissions. The highest threat from this vulnerability is to confidentiality and integrity."
        ],
        "statement": "This is essentially a sandbox escape flaw and needs a malicious app publisher to execute the exploit.",
        "upstream_fix": "flatpak 1.10.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-21381\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21381\nhttps://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp"
        ],
        "name": "CVE-2021-21381",
        "mitigation": {
            "value": "Avoid installing Flatpak apps from untrusted sources, or check the contents of the exported .desktop files in exports/share/applications/*.desktop (typically ~/.local/share/flatpak/exports/share/applications/*.desktop and /var/lib/flatpak/exports/share/applications/*.desktop) to make sure that literal filenames do not follow @@ or @@u.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.",
            "An improper input validation flaw was found in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software that may allow an authenticated user to enable escalation of privilege via local access."
        ],
        "upstream_fix": "linux-firmware 20230804",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38076\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38076\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
        ],
        "name": "CVE-2022-38076",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.",
            "It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5542\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5542\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5542",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-08-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.",
            "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later."
        ],
        "statement": "This flaw is rated as important because this flaw can easily compromise the confidentiality, integrity, or availability of resources but that allows local or authenticated users to gain additional privileges, allow unauthenticated remote users to view resources that should otherwise be protected by authentication or other controls, allow authenticated remote users to execute arbitrary code, or allow remote users to cause a denial of service. But this flaw does not easily exploit by a remote unauthenticated attacker.",
        "acknowledgement": "This issue was discovered by Siddharth Sharma (Red Hat Product Security).",
        "upstream_fix": "systemd 240",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2526\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2526"
        ],
        "name": "CVE-2022-2526",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21624\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21624"
        ],
        "name": "CVE-2022-21624",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295->CWE-287",
        "details": [
            "An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.",
            "An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7562\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7562"
        ],
        "name": "CVE-2017-7562",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18284\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18284"
        ],
        "name": "CVE-2018-18284",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.",
            "It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3425\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3425\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3425",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",
            "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack."
        ],
        "statement": "This is a a null pointer dereference in the X509_issuer_and_serial_hash()  function, which can result in crash if called by an application compiled with OpenSSL, by passing a specially-crafted certificate. OpenSSL internally does not use this function.",
        "upstream_fix": "openssl 1.1.1j, openssl 1.0.2y",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23841\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23841\nhttps://www.openssl.org/news/secadv/20210216.txt"
        ],
        "name": "CVE-2021-23841",
        "mitigation": {
            "value": "As per upstream \"The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.\"",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.",
            "A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality."
        ],
        "statement": "This issue affects the libsoup packages as shipped with Red Hat Enterprise Linux 7. However, these packages have been compiled with additional security mitigation techniques (\"stack smashing protection\"), which makes exploitation significantly harder. Thus, in most cases an exploitation attempt should be mitigated to a mere crash. However, successful exploitation to execute arbitrary code can't be ruled out entirely.",
        "acknowledgement": "Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for reporting this issue.",
        "upstream_fix": "libsoup 2.59.90.1, libsoup 2.58.2, libsoup 2.56.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2885\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2885\nhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392"
        ],
        "name": "CVE-2017-2885",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.",
            "A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.",
        "upstream_fix": "bind 9.9.11-P1, bind 9.10.6-P1, bind 9.10.6-S2, bind 9.11.2-P1, bind 9.9.11-S2, bind 9.12.0rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3145\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3145\nhttps://kb.isc.org/article/AA-01542"
        ],
        "name": "CVE-2017-3145",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.",
            "A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7393\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7393"
        ],
        "name": "CVE-2017-7393",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.",
            "A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9529\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9529"
        ],
        "name": "CVE-2014-9529",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-07-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-787)",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D).  Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and  21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21145\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21145"
        ],
        "name": "CVE-2024-21145",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10101\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10101"
        ],
        "name": "CVE-2017-10101",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.",
            "A flaw was found in the way the Linux kernel's ext4 file system handled the \"page size > block size\" condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future updates in the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Xiong Zhou (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0275\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0275"
        ],
        "name": "CVE-2015-0275",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-203",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35603\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35603"
        ],
        "name": "CVE-2021-35603",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10089\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10089"
        ],
        "name": "CVE-2017-10089",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->(CWE-125|CWE-787)",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20918\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20918\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20918",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.",
            "A denial of service flaw was found in the way OpenSSL verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification."
        ],
        "statement": "This issue does NOT affect the version of the OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1792\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1792"
        ],
        "name": "CVE-2015-1792",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.",
            "It was discovered that ghostscript did not properly restrict access to files open prior to enabling the -dSAFER mode. An attacker could possibly exploit this to bypass the -dSAFER protection and disclose the content of affected files via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16539\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16539\nhttps://www.artifex.com/news/ghostscript-security-resolved/\nhttps://www.kb.cert.org/vuls/id/332928"
        ],
        "name": "CVE-2018-16539",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
            "A vulnerability was found in X.Org. This issue occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46341\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46341"
        ],
        "name": "CVE-2022-46341",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.",
            "A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Daniel Genkin (Technion and Tel Aviv University), Nadia Heninger (University of Pennsylvania), and Yuval Yarom (University of Adelaide and NICTA) as the original reporters.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0702\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0702\nhttp://cachebleed.info/\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0702",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14578\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14578"
        ],
        "name": "CVE-2020-14578",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21282\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21282"
        ],
        "name": "CVE-2022-21282",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3149\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3149"
        ],
        "name": "CVE-2018-3149",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-01-17T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21835\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21835"
        ],
        "name": "CVE-2023-21835",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.",
            "A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind."
        ],
        "upstream_fix": "krb5 1.11.6, krb5 1.12.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4345\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4345\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt"
        ],
        "name": "CVE-2014-4345",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.",
            "A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6 as they do not contain the affected code. This issue does not affect Red Hat Enterprise MRG 2 as it does not enable the affected code at compile time.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7.",
        "acknowledgement": "Red Hat would like to thank Daniel Borkmann for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4700\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4700"
        ],
        "name": "CVE-2015-4700",
        "mitigation": {
            "value": "This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected.\nIt can be disabled immediately with the command:\n#   echo 0 > /proc/sys/net/core/bpf_jit_enable\nOr it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable\n## start file ##\nnet.core.bpf_jit_enable=0\n## end file ##",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-200",
        "details": [
            "The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a \"too-short\" salt.",
            "A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory."
        ],
        "upstream_fix": "postgresql 9.4.5, postgresql 9.3.10, postgresql 9.2.14, postgresql 9.1.19, postgresql 9.0.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5288\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5288\nhttp://www.postgresql.org/about/news/1615/"
        ],
        "name": "CVE-2015-5288",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10109\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10109"
        ],
        "name": "CVE-2017-10109",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-73",
        "details": [
            "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access."
        ],
        "upstream_fix": "qt 5.14.0, qt 5.12.7, qt 5.9.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0570\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0570"
        ],
        "name": "CVE-2020-0570",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-08T21:30:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.",
            "A denial of service flaw was discovered in bind versions that include the \"deny-answer-aliases\" feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition."
        ],
        "statement": "The \"deny-answer-aliases\" configuration option is not enabled in default configurations of bind. Upstream states that this option is very rarely used. As such, if customers have not specifically enabled this option in configurations, the risk should be mitigated.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) as the original reporter.",
        "upstream_fix": "bind 9.9.13-P1, bind 9.10.8-P1, bind 9.11.4-P1, bind 9.12.2-P1, bind 9.11.3-S3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5740\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5740\nhttps://kb.isc.org/article/AA-01639/74/CVE-2018-5740"
        ],
        "name": "CVE-2018-5740",
        "mitigation": {
            "value": "Disabling the \"deny-answer-aliases\" configuration option should prevent exploitation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.",
            "A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9131\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9131\nhttps://kb.isc.org/article/AA-01439"
        ],
        "name": "CVE-2016-9131",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19475\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19475\nhttps://blog.semmle.com/ghostscript-CVE-2018-19475/"
        ],
        "name": "CVE-2018-19475",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3511\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3511\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3511",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
            "A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program."
        ],
        "statement": "This flaw affects versions 9.9.12 -> 9.16.32 of the Bind package, therefore Red Hat Enterprise Linux 6 is not affected.",
        "acknowledgement": "Red Hat would like to thank Maksym Odinintsev for reporting this issue.",
        "upstream_fix": "bind 9.16.33, bind 9.18.7, bind 9.19.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38178\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38178\nhttps://kb.isc.org/docs/cve-2022-38178"
        ],
        "name": "CVE-2022-38178",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker",
            "A flaw was found in bind. An assertion failure can occur when processing a specially crafted query for a zone signed with an RSA key. BIND must be compiled with \"--enable-native-pkcs11\" for the system to be affected. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Lyu Chiy as the original reporter.",
        "upstream_fix": "bind 9.11.22, bind 9.16.6, bind 9.17.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8623\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8623\nhttps://kb.isc.org/docs/cve-2020-8623"
        ],
        "name": "CVE-2020-8623",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",
            "A user enumeration flaw was found in OpenSSH through version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Low severity. An attacker could use this flaw to determine whether given usernames exist or not on the server, but no further information is disclosed and there is no availability or integrity impact. A future update may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15473\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15473"
        ],
        "name": "CVE-2018-15473",
        "mitigation": {
            "value": "Configuring your firewall to limit the origin and/or rate of incoming ssh connections (using the netfilter xt_recent module) will limit the impact of this attack, as it requires a new TCP connection for each username tested. This configuration also provides some protection against brute-force attacks on SSH passwords or keys.\nSee the following article for more information on limiting access to SSHD: https://access.redhat.com/solutions/8687",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35559\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35559"
        ],
        "name": "CVE-2021-35559",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2798\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2798"
        ],
        "name": "CVE-2018-2798",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21248\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21248"
        ],
        "name": "CVE-2022-21248",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.",
            "Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. \nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 4.0.7, squid 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2570\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2570\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2570",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-06-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.",
            "A vulnerability was found in squid (Web proxy cache server). This issue occurs due to improper buffer management while processing Gopher server responses. This flaw leads to a remote denial of service or a crash if it receives specially crafted network traffic, either by mistake or a malicious actor."
        ],
        "upstream_fix": "squid 5.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-46784\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46784\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w"
        ],
        "name": "CVE-2021-46784",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2755\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2755"
        ],
        "name": "CVE-2020-2755",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.",
            "An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10984\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10984\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10984",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.",
            "A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported."
        ],
        "upstream_fix": "openssl 1.0.2a, openssl 1.0.1m, openssl 1.0.0r, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0209\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0209\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0209",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.",
            "A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support."
        ],
        "statement": "TLS server applications using OpenSSL versions in Red Hat Enterprise Linux 6 and 7 are only affected if they enable OCSP stapling support. Applications not enabling OCSP stapling support are not affected. Few applications implement OCSP stapling support and typically do not enable it by default.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter.",
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i, openssl 1.1.0a",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6304\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6304\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-6304",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.",
            "An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly, execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0483\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0483\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0483",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35586\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35586"
        ],
        "name": "CVE-2021-35586",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.",
            "A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code."
        ],
        "upstream_fix": "openssl 1.0.1i, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3509\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3509\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3509",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.",
            "A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely."
        ],
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0231\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0231\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0231",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.",
            "A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request."
        ],
        "upstream_fix": "httpd 2.2.34, httpd 2.4.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7668\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7668\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-7668",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.",
            "A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash."
        ],
        "statement": "This issue does NOT affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1791\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1791"
        ],
        "name": "CVE-2015-1791",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.",
            "A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3119\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3119"
        ],
        "name": "CVE-2016-3119",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
            "A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Hiroki MATSUKUMA (Cyber Defense Institute) as the original reporter.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14812\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14812"
        ],
        "name": "CVE-2019-14812",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.",
            "It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory."
        ],
        "upstream_fix": "openssl 1.0.1i, openssl 1.0.0n, openssl 0.9.8zb",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3508\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3508\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3508",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.",
            "A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Imre Rad (Search-Lab) as the original reporter.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0221\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0221\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0221",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.",
            "It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank Canonical for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1333\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1333"
        ],
        "name": "CVE-2015-1333",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
            "A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability."
        ],
        "upstream_fix": "httpd 2.4.49",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-34798\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-34798\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2021-34798",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-327|CWE-757)",
        "details": [
            "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.  NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.",
            "It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method."
        ],
        "statement": "This issue affects versions of openssl as shipped with Red Hat Enterprise Linux 5, 6 and 7. Errata have been released to correct this issue.\nThis issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact and does not plan to address this flaw for the openssl098e component in any future security updates.\nThis issue affects the version of openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 1.0.0p, OpenSSL 0.9.8zd",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0204\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0204\nhttps://securityblog.redhat.com/2015/03/04/factoring-rsa-export-keys-freak-cve-2015-0204/\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2015-0204",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494.",
            "An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks."
        ],
        "statement": "This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 5, and 6 as they did not include support for EAP-pwd.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13456\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13456"
        ],
        "name": "CVE-2019-13456",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).",
            "A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This is a flaw in the GENERAL_NAME_cmp function of openssl which can be triggered when both its arguments are of the same type i.e. EDIPARTYNAME. \n1. Red Hat does not ship any applications compiled with openssl, which used the above function in a vulnerable way.\n2. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes, when comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate and when verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token). If an attacker can control both items being compared then that attacker could trigger a crash. For example, if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then a crash may be triggered.\nThird party applications compiled with openssl using the function GENERAL_NAME_cmp in a vulnerable way are affected by this flaw.\nGENERAL_NAME_cmp was added in 0.9.8k, therefore older versions of openssl are not affected by this flaw.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Benjamin (Google) as the original reporter.",
        "upstream_fix": "openssl 1.1.1i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1971\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1971\nhttps://www.openssl.org/news/secadv/20201208.txt"
        ],
        "name": "CVE-2020-1971",
        "mitigation": {
            "value": "Applications not using the GENERAL_NAME_cmp of openssl are not vulnerable to this flaw. Even when this function is used, if the attacker can control both the arguments of this function, only then the attacker could trigger a crash.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.",
            "A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0705\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0705"
        ],
        "name": "CVE-2016-0705",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename."
        ],
        "statement": "The \"FilesMatch\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux.\nRed Hat Satellite 6 uses Red Hat Enterprise Linux 7's httpd package, and enables the \"FilesMatch\" directive. However, this is not believed to have an impact on security, as, in the context of a Satellite, no one is expected to have the ability to modify file names in the concerned directories. This is not considered as a vector for attack.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15715\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15715\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-15715",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
            "A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Hiroki MATSUKUMA (Cyber Defense Institute) as the original reporter.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14813\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14813"
        ],
        "name": "CVE-2019-14813",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.",
            "A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Brian Carpenter as the original reporter.",
        "upstream_fix": "openssl 1.0.2a, openssl 1.0.1m, openssl 1.0.0r, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0288\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0288\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0288",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2800\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2800"
        ],
        "name": "CVE-2018-2800",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.",
            "It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8602\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8602"
        ],
        "name": "CVE-2016-8602",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.",
            "It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibly exploit this to exploit this to bypass the -dSAFER protection and delete files or disclose their content via a specially crafted PostScript document."
        ],
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15908\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15908\nhttp://seclists.org/oss-sec/2018/q3/142"
        ],
        "name": "CVE-2018-15908",
        "mitigation": {
            "value": "Please see https://bugzilla.redhat.com/show_bug.cgi?id=1619748#c3",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15695\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15695"
        ],
        "name": "CVE-2019-15695",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3458\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3458\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3458",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.",
            "An incomplete fix for CVE-2017-5226 was found in flatpak. A sandbox bypass flaw was found in the way bubblewrap, which is used for sandboxing flatpak applications, handled the TIOCSTI ioctl. A malicious flatpak application could use this flaw to inject commands into the controlled terminal of the host after the flatpak application exits. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw can be exploited by malicious flatpak applications which include the code to exploit the wrong handling of the TIOCSTI ioctl (AV:L). No special action needs to be performed by the attacker; just having the exploit code should be enough for bypassing the sandbox restrictions (AC:L). Also, the application needs to be downloaded and run by the victim (PR:L). The flaw results in code being executed on the host system which is running the sandboxed application; therefore, this affects the host beyond the sandboxed application (S:C). Lastly, considering the worst scenario in which the flatpak is run as root on the host system, this flaw can result in the malicious application running code as root on the host system (CIA:H).",
        "upstream_fix": "flatpak 1.3.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10063\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10063"
        ],
        "name": "CVE-2019-10063",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.",
            "A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7795\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7795"
        ],
        "name": "CVE-2016-7795",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-08-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
            "It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling an openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial of Service attack, or possibly, memory disclosure. The highest threat from this vulnerability is to data confidentiality and system availability."
        ],
        "statement": "The following Red Hat products do not ship the affected OpenSSL component but rely on the Red Hat Enterprise Linux to consume them:\n* Red Hat Satellite\n* Red Hat Update Infrastructure\n* Red Hat CloudForms\nThe Red Hat Advanced Cluster Management for Kubernetes is using the vulnerable version of the library, however the vulnerable code path is not reachable.",
        "acknowledgement": "Upstream acknowledges the OpenSSL project (Ingo Schwarze) as the original reporter.",
        "upstream_fix": "openssl 1.1.1l",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3712\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3712\nhttps://www.openssl.org/news/secadv/20210824.txt"
        ],
        "name": "CVE-2021-3712",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4844\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4844\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4844",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.",
            "It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5582\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5582\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5582",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3150\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3150"
        ],
        "name": "CVE-2018-3150",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.",
            "A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly."
        ],
        "statement": "Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key, only network access to the control channel’s configured TCP port is necessary.",
        "upstream_fix": "bind 9.16.44, bind 9.18.19, bind 9.19.17, bind 9.16.44-S1, bind 9.18.19-S1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3341\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3341"
        ],
        "name": "CVE-2023-3341",
        "mitigation": {
            "value": "By default, named only allows control-channel connections over the loopback interface, making this attack impossible to carry out over the network. When enabling remote access to the control channel’s configured TCP port, care should be taken to limit such access to trusted IP ranges on the network level, effectively preventing unauthorized parties from carrying out the attack described in this advisory.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3149\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3149"
        ],
        "name": "CVE-2015-3149",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-07-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-400",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency).  Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and  21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21144\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21144"
        ],
        "name": "CVE-2024-21144",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",
            "A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication."
        ],
        "upstream_fix": "openssl 1.0.1q, openssl 1.0.2e",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3194\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3194\nhttps://openssl.org/news/secadv/20151203.txt"
        ],
        "name": "CVE-2015-3194",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
            "A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46344\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46344"
        ],
        "name": "CVE-2022-46344",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.",
            "A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.9.8-P4, bind 9.10.3-P4, bind 9.9.8-S6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1286\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1286\nhttps://kb.isc.org/article/AA-01353"
        ],
        "name": "CVE-2016-1286",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.",
            "A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data."
        ],
        "upstream_fix": "openssl 1.0.1t, openssl 1.0.2h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2109\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2109\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2109",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.",
            "It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0475\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0475\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0475",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21541\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21541"
        ],
        "name": "CVE-2022-21541",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21939\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21939"
        ],
        "name": "CVE-2023-21939",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2590\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2590"
        ],
        "name": "CVE-2020-2590",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.",
            "A regression was found in the ssleay_rand_bytes() function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash."
        ],
        "statement": "This issue does not affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3216\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3216"
        ],
        "name": "CVE-2015-3216",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment."
        ],
        "statement": "This issue does not affect the version of openssl as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6.",
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Jüri Aedla as the original reporter.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0195\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0195\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0195",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.",
            "A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code."
        ],
        "upstream_fix": "squid 3.5.17, squid 4.0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4051\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4051\nhttp://www.squid-cache.org/Advisories/SQUID-2016_5.txt"
        ],
        "name": "CVE-2016-4051",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2975\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2975"
        ],
        "name": "CVE-2019-2975",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.",
            "A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 1.0.0p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0206\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0206\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2015-0206",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.",
            "It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters.",
        "upstream_fix": "openssl 1.0.2a, openssl 1.0.1m, openssl 1.0.0r, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0703\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0703\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0703",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.",
            "A NULL pointer dereference flaw was found in ghostscript's mem_get_bits_rectangle function. A specially crafted postscript document could cause a crash in the context of the gs process."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7207\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7207"
        ],
        "name": "CVE-2017-7207",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2790\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2790"
        ],
        "name": "CVE-2018-2790",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-471",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
            "A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2604\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2604\nhttps://www.oracle.com/technetwork/java/javase/11-0-6-oracle-relnotes-5813175.html\nhttps://www.oracle.com/technetwork/java/javase/13-0-2-relnotes-5812268.html\nhttps://www.oracle.com/technetwork/java/javase/8u241-relnotes-5813177.html\nhttps://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_251"
        ],
        "name": "CVE-2020-2604",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.",
            "An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4556\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4556\nhttp://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
        ],
        "name": "CVE-2016-4556",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10090\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10090"
        ],
        "name": "CVE-2017-10090",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-11-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-1285|CWE-129|CWE-786|CWE-823)",
        "details": [
            "Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.",
            "A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using `--with-openssl` is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump."
        ],
        "upstream_fix": "squid 6.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-46724\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46724\nhttp://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch\nhttp://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch\nhttps://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
        ],
        "name": "CVE-2023-46724",
        "mitigation": {
            "value": "Disable the use of SSL-Bump features:\n- Remove all ssl-bump options from http_port and https_port\n- Remove all ssl_bump directives from squid.conf",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21294\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21294"
        ],
        "name": "CVE-2022-21294",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.",
            "A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21886\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21886"
        ],
        "name": "CVE-2024-21886",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4893\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4893\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4893",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-07-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and  21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21140\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21140"
        ],
        "name": "CVE-2024-21140",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2756\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2756"
        ],
        "name": "CVE-2020-2756",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.",
            "It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates."
        ],
        "acknowledgement": "This issue was discovered by Christina Fu (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7537\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7537"
        ],
        "name": "CVE-2017-7537",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674->CWE-400",
        "details": [
            "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
        ],
        "upstream_fix": "openssl 1.1.0h, openssl 1.0.2o",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0739\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0739\nhttps://www.openssl.org/news/secadv/20180327.txt"
        ],
        "name": "CVE-2018-0739",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4734\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4734\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4734",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding.  NOTE: the vendor states \"this is not a security issue in httpd as such.\"",
            "A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers."
        ],
        "statement": "This issue affects the versions of the httpd package as shipped with Red Hat JBoss Enterprise Application Platform 6; and Red Hat JBoss Web Server 2. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Certificate System does not use the mod_headers module, even when installed, and is thus not affected by this flaw.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat JBoss Enterprise Application Platform 5 and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/",
        "upstream_fix": "httpd 2.2.29, httpd 2.4.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-5704\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-5704"
        ],
        "name": "CVE-2013-5704",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14562\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14562"
        ],
        "name": "CVE-2020-14562",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-11-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\\0' characters at the end of header names are ignored, i.e., a \"Transfer-Encoding\\0: chunked\" header is treated the same as a \"Transfer-Encoding: chunked\" header.",
            "A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, `Transfer-Encoding: chunked` is equivalent to `Transfer-Encoding\\x00: chunked`. This issue allows request smuggling when Libsoup is used in a service behind a reverse proxy that forwards null bytes without stripping them."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-52530\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-52530\nhttps://gitlab.gnome.org/GNOME/libsoup/-/issues/377\nhttps://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/402\nhttps://gitlab.gnome.org/Teams/Releng/security/-/wikis/home"
        ],
        "name": "CVE-2024-52530",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-90",
        "details": [
            "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5730\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5730"
        ],
        "name": "CVE-2018-5730",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-04-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.",
            "A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Siva Kakarla as the original reporter.",
        "upstream_fix": "bind 9.11.30, bind 9.16.14, bind 9.17.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-25215\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25215\nhttps://kb.isc.org/docs/cve-2021-25215"
        ],
        "name": "CVE-2021-25215",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-06-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.\nIt has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.",
            "A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly."
        ],
        "acknowledgement": "Upstream acknowledges Anat Bremler-Barr (Tel-Aviv University), Shoham Danino (Reichman University), Yehuda Afek (Tel-Aviv University), and Yuval Shavitt (Tel-Aviv University) as the original reporters.",
        "upstream_fix": "bind 9.16.42, bind 9.18.16, bind 9.19.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-2828\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2828\nhttps://kb.isc.org/docs/cve-2023-2828"
        ],
        "name": "CVE-2023-2828",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.",
            "A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory."
        ],
        "upstream_fix": "openssl 1.0.1i, openssl 1.0.0n, openssl 0.9.8zb",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3505\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3505\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3505",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.",
            "A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5554\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5554\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5554",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.",
            "A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Dave Feldman (Oracle), Jeff Warren (Oracle), and Joel Cunningham (Oracle) as the original reporters.",
        "upstream_fix": "bind 9.11.22, bind 9.16.6, bind 9.17.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8622\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8622\nhttps://kb.isc.org/docs/cve-2020-8622"
        ],
        "name": "CVE-2020-8622",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-674",
        "details": [
            "Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.",
            "A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input."
        ],
        "upstream_fix": "postgresql 9.4.5, postgresql 9.3.10, postgresql 9.2.14, postgresql 9.1.19, postgresql 9.0.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5289\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5289\nhttp://www.postgresql.org/about/news/1615/"
        ],
        "name": "CVE-2015-5289",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2641\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2641"
        ],
        "name": "CVE-2018-2641",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000074\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000074\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000074",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2341\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2341"
        ],
        "name": "CVE-2021-2341",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet o bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2803\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2803"
        ],
        "name": "CVE-2020-2803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
            "A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
        ],
        "statement": "This flaw affects applications that are compiled against OpenSSL or GnuTLS and do not allocate an extra thread for processing ClientHello messages. Nginx is affected by this issue; Apache httpd is not affected by this issue. This issue has been rated as having a security impact of Moderate. It requires an attacker to send a very large amount of SSL ALERT messages to the host network connection. This issue can also be mitigated by configuring firewalls to limit the number of connections per IP address, or use deep packet inspection to reject these type of alert packets. A future update may address this issue.",
        "acknowledgement": "Red Hat would like to thank Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8610\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8610\nhttp://security.360.cn/cve/CVE-2016-8610"
        ],
        "name": "CVE-2016-8610",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-393",
        "details": [
            "arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.",
            "A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and\nmaintenance life cycle. This has been rated as having Low security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat Enterprise Linux Life\nCycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2830\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2830"
        ],
        "name": "CVE-2015-2830",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.",
            "A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5352\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5352\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-5352",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000076\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000076\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000076",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35578\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35578"
        ],
        "name": "CVE-2021-35578",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2745\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2745"
        ],
        "name": "CVE-2019-2745",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14782\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14782"
        ],
        "name": "CVE-2020-14782",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.",
            "It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0466\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0466\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0466",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.10.0.",
            "A flaw was found in Flatpak. The Flatpak portal D-Bus service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is outside the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Simon McVittie (Collabora Ltd.) for reporting this issue.",
        "upstream_fix": "flatpak 1.8.5, flatpak 1.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-21261\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21261\nhttps://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2"
        ],
        "name": "CVE-2021-21261",
        "mitigation": {
            "value": "This vulnerability can be mitigated by preventing the flatpak-portal service from starting. Please note that this mitigation may prevent other Flatpak apps from working correctly.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.",
            "A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\nThis issue affects the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3331\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3331"
        ],
        "name": "CVE-2015-3331",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.",
            "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent."
        ],
        "statement": "This issue is marked as Important as we successfully identified that it can do a Remote Code Execution atleast at some circumstances in Red Hat Enterprise Linux 6, 7, 8 and 9 and It can easily compromise the confidentiality, integrity or availability of resources.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-38408\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38408\nhttps://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt"
        ],
        "name": "CVE-2023-38408",
        "mitigation": {
            "value": "Remote exploitation required that a user establishes an SSH connection to a compromised or malicious SSH server with agent forwarding enabled.  The agent forwarding is disabled by default.  Review your ssh client configuration files for the use of ForwardAgent configuration directive and invocations of ssh client for the use of -A command line argument to see if agent forwarding is enabled for specific connections.\nExploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-158",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21937\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21937"
        ],
        "name": "CVE-2023-21937",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-297",
        "details": [
            "Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.",
            "It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate."
        ],
        "statement": "This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "squid 3.5.4, squid 3.4.13, squid 3.3.14, squid 3.2.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3455\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3455\nhttp://www.squid-cache.org/Advisories/SQUID-2015_1.txt"
        ],
        "name": "CVE-2015-3455",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.",
            "A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Hanno Böck as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5722\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5722\nhttps://kb.isc.org/article/AA-01287/0"
        ],
        "name": "CVE-2015-5722",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-07-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and  21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21138\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21138"
        ],
        "name": "CVE-2024-21138",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2633\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2633"
        ],
        "name": "CVE-2018-2633",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.",
            "It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8291\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8291\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        ],
        "name": "CVE-2017-8291",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage."
        ],
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1301\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1301\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2018-1301",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.",
            "A flaw was found in Apache HTTP Server (httpd) versions 2.4.0 to 2.4.41. Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL."
        ],
        "statement": "This issue only affects httpd versions between 2.4.0 and 2.4.41. Therefore Red Hat Enterprise Linux 5 and 6 are not affected by this flaw.",
        "upstream_fix": "httpd 2.4.42",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1927\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1927\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2020-1927",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.",
            "An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.1t, openssl 1.0.2h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2105\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2105\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2105",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-11-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.",
            "A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Liu Wei (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7841\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7841"
        ],
        "name": "CVE-2014-7841",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2698\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2698"
        ],
        "name": "CVE-2019-2698",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-11-14T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-221",
        "details": [
            "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.",
            "A flaw was found in some of AMD CPU's due to improper or unexpected behavior of the INVD. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine (VM) memory integrity."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-20592\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20592\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html"
        ],
        "name": "CVE-2023-20592",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10053\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10053"
        ],
        "name": "CVE-2017-10053",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all."
        ],
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15710\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15710\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-15710",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21954\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21954"
        ],
        "name": "CVE-2023-21954",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18073\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18073"
        ],
        "name": "CVE-2018-18073",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.",
            "It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Carl Henrik Lunde for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9420\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9420"
        ],
        "name": "CVE-2014-9420",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-11-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-89",
        "details": [
            "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "In Red Hat Gluster Storage 3, PostgreSQL (embedded in rhevm-dependencies) was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters.\nIn Red Hat Virtualization the manager appliance uses a vulnerable version of postgresql. Once a fix has been shipped for RHEL 8 the appliance can consume the fix via a regular yum update.",
        "acknowledgement": "Red Hat would like to thank Etienne Stalmans for reporting this issue.",
        "upstream_fix": "postgresql 13.1, postgresql 12.5, postgresql 11.10, postgresql 10.15, postgresql 9.6.20, postgresql 9.5.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25695\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25695\nhttps://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/\nhttps://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"
        ],
        "name": "CVE-2020-25695",
        "mitigation": {
            "value": "While promptly updating PostgreSQL is the best remediation for most users, a user unable to do that can work around the vulnerability by disabling autovacuum and not manually running ANALYZE, CLUSTER, REINDEX, CREATE INDEX, VACUUM FULL, REFRESH MATERIALIZED VIEW, or a restore from output of the pg_dump command. Performance may degrade quickly under this workaround.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3231\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3231"
        ],
        "name": "CVE-2017-3231",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.",
            "A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Emilia Käsper (the OpenSSL development team) and Sean Burford (Google) as the original reporters.",
        "upstream_fix": "openssl 1.0.2a, openssl 1.0.1m, openssl 1.0.0r, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0293\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0293\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0293",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.",
            "Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid."
        ],
        "upstream_fix": "squid 3.5.17, squid 4.0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4053\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4053\nhttp://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
        ],
        "name": "CVE-2016-4053",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-192",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21619\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21619"
        ],
        "name": "CVE-2022-21619",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
            "It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a \"Session\" header."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include mod_session module.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1283\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1283"
        ],
        "name": "CVE-2018-1283",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-11-10T13:55:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",
            "A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12321\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12321\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html"
        ],
        "name": "CVE-2020-12321",
        "mitigation": {
            "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts).",
            "It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3252\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3252"
        ],
        "name": "CVE-2017-3252",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-470",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21434\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21434"
        ],
        "name": "CVE-2022-21434",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3508\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3508\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3508",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.",
            "Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application."
        ],
        "statement": "The original issue fixed by OpenSSL upstream contains two distinct fixes. The first one is a format string flaw in the internal fmtstr functions, which may result in an OOB read flaw when printing a very large string. This issue was assigned CVE-2016-0799.\nThe second issue relates to the internal doapr_outch function of OpenSSL. It can result in an OOB write, or cause memory leaks. This issue has been assigned CVE-2016-2842 by MITRE and is now tracked as https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2842",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0799\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0799"
        ],
        "name": "CVE-2016-0799",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-662->CWE-122",
        "details": [
            "Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.",
            "A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the \"apache\" user."
        ],
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0226\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0226\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0226",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue."
        ],
        "statement": "This flaw is related to the design of the RC4 protocol and not its implementation. Therefore there are no plans to correct this issue in Red Hat Enterprise Linux 5, 6 and 7. Future updates may disable the use of RC4 in various components.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2808\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2808\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf"
        ],
        "name": "CVE-2015-2808",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g."
        ],
        "statement": "This flaw only exhibits itself when:\n1. OpenSSL is used to display details of a local or a remote certificate.\n2. The certificate contains the uncommon RFC 3779 IPAddressFamily extension.\nThe maximum impact of this flaw is garbled information being displayed; there is no impact on the availability of a service using such a certificate. Also, this flaw can NOT be used to create specially-crafted certificates. Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "openssl 1.0.2m, openssl 1.1.0g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3735\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3735\nhttps://www.openssl.org/news/secadv/20170828.txt"
        ],
        "name": "CVE-2017-3735",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10346\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10346"
        ],
        "name": "CVE-2017-10346",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.",
            "It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record."
        ],
        "statement": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2653\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2653"
        ],
        "name": "CVE-2014-2653",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",
            "It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing an XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3526\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3526\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3526",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2977\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2977"
        ],
        "name": "CVE-2019-2977",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35550\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35550"
        ],
        "name": "CVE-2021-35550",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-126",
        "details": [
            "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "upstream_fix": "xorg-server 21.1.12, xwayland 23.2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-31081\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31081"
        ],
        "name": "CVE-2024-31081",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
        ],
        "statement": "Since the 5.8.3 release, Red Hat CloudForms no longer uses libtomcrypt.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0495\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0495\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
        ],
        "name": "CVE-2018-0495",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.",
            "A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the \"DEFLATE\" input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system."
        ],
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0118\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0118\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0118",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2983\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2983"
        ],
        "name": "CVE-2019-2983",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\nNote: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21094\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21094\nhttps://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-21094",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10345\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10345"
        ],
        "name": "CVE-2017-10345",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2786\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2786"
        ],
        "name": "CVE-2019-2786",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.",
            "A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.9.9-P8, bind 9.10.4-P8, bind 9.11.0-P5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3137\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3137\nhttps://kb.isc.org/article/AA-01466"
        ],
        "name": "CVE-2017-3137",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15694\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15694"
        ],
        "name": "CVE-2019-15694",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.",
            "A flaw was found in squid. A denial of service attack is possible due to an improper input validation. The highest threat from this vulnerability is to system availability."
        ],
        "upstream_fix": "squid 4.13, squid 5.0.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-24606\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24606\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg"
        ],
        "name": "CVE-2020-24606",
        "mitigation": {
            "value": "Add the no-digest option to all cache_peer lines in squid.conf",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22036\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22036"
        ],
        "name": "CVE-2023-22036",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\nor ProxyPassMatch in which a non-specific pattern matches\nsome portion of the user-supplied request-target (URL) data and is then\nre-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.",
            "A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution."
        ],
        "upstream_fix": "httpd 2.4.56",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25690\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25690\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2023-25690",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-08-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.",
            "It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5472\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5472"
        ],
        "name": "CVE-2014-5472",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "TigerVNC versions prior to 1.10.1 are vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15691\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15691"
        ],
        "name": "CVE-2019-15691",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in the ruby gems specification homepage attribute that can result in a malicious gem setting an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000077\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000077\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000077",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2757\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2757"
        ],
        "name": "CVE-2020-2757",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10281\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10281"
        ],
        "name": "CVE-2017-10281",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.",
            "A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy."
        ],
        "statement": "Although the squid packages for Red Hat Enterprise Linux 6 through 8 are affected, they are compiled with FORTIFY_SOURCE, which in this case limits the impact of the buffer overflow to an application termination. This only affects deployments acting as reverse proxy with a http_port 'accel' or 'vhost' (squid 2.x and 3.x) or http_port 'accel' configuration (squid 4.x).",
        "upstream_fix": "squid 4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8450\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8450"
        ],
        "name": "CVE-2020-8450",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.",
            "A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet."
        ],
        "acknowledgement": "Red Hat would like to thank Internet Systems Consortium for reporting this issue. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter.",
        "upstream_fix": "bind 9.9.10-P2, bind 9.10.5-P2, bind 9.11.1-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3142\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3142\nhttps://kb.isc.org/article/AA-01504"
        ],
        "name": "CVE-2017-3142",
        "mitigation": {
            "value": "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in parallel. For information on how to configure this type of compound authentication control, please see:\nhttps://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.",
            "It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash or code execution in the context of the gs process."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7979\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7979"
        ],
        "name": "CVE-2016-7979",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
            "A flaw was found in the TLS/SSL implementation in the JSSE component of OpenJDK, where it did not properly handle application data packets received before the handshake completion. This flaw allowed unauthorized injection of data at the beginning of a TLS session."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2816\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2816"
        ],
        "name": "CVE-2020-2816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15693\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15693"
        ],
        "name": "CVE-2019-15693",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-117",
        "details": [
            "The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.",
            "It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6, and 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.8, ruby 2.3.5, ruby 2.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10784\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10784\nhttps://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"
        ],
        "name": "CVE-2017-10784",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Greg Stark and Tom Lane as the original reporters.",
        "upstream_fix": "postgresql 9.5.1, postgresql 9.4.6, postgresql 9.3.11, postgresql 9.2.15, postgresql 9.1.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0773\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0773"
        ],
        "name": "CVE-2016-0773",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",
            "It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10243\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10243\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA"
        ],
        "name": "CVE-2017-10243",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35588\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35588"
        ],
        "name": "CVE-2021-35588",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.",
            "It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.10, ruby 2.3.7, ruby 2.4.4, ruby 2.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17742\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17742\nhttps://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/"
        ],
        "name": "CVE-2017-17742",
        "mitigation": {
            "value": "The server can manually sanitize possibly untrusted headers prior to inserting them in the reply.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2163\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2163"
        ],
        "name": "CVE-2021-2163",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-454",
        "details": [
            "The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.",
            "It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2922\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2922"
        ],
        "name": "CVE-2015-2922",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.",
            "An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges David Ramos and Robert Dugal as the original reporters.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0292\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0292\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0292",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.",
            "Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to enable escalation of privilege via local access."
        ],
        "statement": "Please contact your OEM support group to obtain the correct driver version.",
        "upstream_fix": "linux-firmware 20230804",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-27635\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-27635\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
        ],
        "name": "CVE-2022-27635",
        "mitigation": {
            "value": "UEFI firmware to version 3.2.20.23023 (includes versions 2.2.20.23023 and 1.2.20.23023)or later.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-126",
        "details": [
            "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.",
            "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads."
        ],
        "statement": "The Xorg server is not configured to run with root privileges in Red Hat Enterprise Linux 8 and 9. Consequently, these versions have been assigned a Moderate severity rating.",
        "upstream_fix": "xorg-server 21.1.12, xwayland 23.2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-31080\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31080"
        ],
        "name": "CVE-2024-31080",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service.",
            "An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 2.2.10, freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10978\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10978\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10978",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-07-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and  21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21147\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21147"
        ],
        "name": "CVE-2024-21147",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.",
            "An assertion failure was found in the way bind implemented the \"managed keys\" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.11.5-P4, bind 9.12.3-P4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5745\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5745\nhttps://kb.isc.org/docs/cve-2018-5745"
        ],
        "name": "CVE-2018-5745",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21618\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21618"
        ],
        "name": "CVE-2022-21618",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-185->CWE-400",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2830\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2830"
        ],
        "name": "CVE-2020-2830",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.",
            "Ghostscript did not honor the -dSAFER option when executing the \"status\" instruction, which can be used to retrieve information such as a file's existence and size. A specially crafted postscript document could use this flow to gain information on the targeted system's filesystem content."
        ],
        "upstream_fix": "ghostcript 9.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11645\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11645"
        ],
        "name": "CVE-2018-11645",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-319",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.",
            "A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5597\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5597\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5597",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-662->CWE-300",
        "details": [
            "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.",
            "A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Emil Lenngren as the original reporter.",
        "upstream_fix": "postgresql 9.0.19, postgresql 9.1.15, postgresql 9.2.10, postgresql 9.3.6, postgresql 9.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0244\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0244\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2015-0244",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.",
            "A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5366\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5366"
        ],
        "name": "CVE-2015-5366",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-567",
        "details": [
            "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
        ],
        "upstream_fix": "freeradius-server 3.0.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17185\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17185"
        ],
        "name": "CVE-2019-17185",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.",
            "It was discovered that the ghostscript device cleanup did not properly handle devices replaced with a null device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16541\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16541\nhttps://www.artifex.com/news/ghostscript-security-resolved/\nhttps://www.kb.cert.org/vuls/id/332928"
        ],
        "name": "CVE-2018-16541",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-334",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22041\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22041"
        ],
        "name": "CVE-2023-22041",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2767\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2767"
        ],
        "name": "CVE-2020-2767",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-1173->CWE-502",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21341\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21341"
        ],
        "name": "CVE-2022-21341",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0402\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0402\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0402",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.",
            "It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.",
        "upstream_fix": "postgresql 9.4.2, postgresql 9.3.7, postgresql 9.2.11, postgresql 9.1.16, postgresql 9.0.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3167\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3167"
        ],
        "name": "CVE-2015-3167",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2981\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2981"
        ],
        "name": "CVE-2019-2981",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",
            "A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash."
        ],
        "upstream_fix": "httpd 2.2.34, httpd 2.4.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7679\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7679\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-7679",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10350\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10350"
        ],
        "name": "CVE-2017-10350",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2590\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2590\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        ],
        "name": "CVE-2015-2590",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10087\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10087"
        ],
        "name": "CVE-2017-10087",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.",
            "A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.4.2, ruby 2.2.8, ruby 2.3.5, rubygems 2.6.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0899\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0899\nhttp://blog.rubygems.org/2017/08/27/2.6.13-released.html"
        ],
        "name": "CVE-2017-0899",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35556\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35556"
        ],
        "name": "CVE-2021-35556",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-90",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",
            "It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2588\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2588"
        ],
        "name": "CVE-2018-2588",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21277\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21277"
        ],
        "name": "CVE-2022-21277",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2013-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The getenv and filenameforall functions in Ghostscript 9.10 ignore the \"-dSAFER\" argument, which allows remote attackers to read data via a crafted postscript file.",
            "It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable and list directory respectively, from the target."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-5653\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-5653"
        ],
        "name": "CVE-2013-5653",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10081\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10081"
        ],
        "name": "CVE-2017-10081",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2814\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2814"
        ],
        "name": "CVE-2018-2814",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4835\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4835\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4835",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4881\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4881\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4881",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.",
            "It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15910\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15910\nhttp://seclists.org/oss-sec/2018/q3/142"
        ],
        "name": "CVE-2018-15910",
        "mitigation": {
            "value": "Please see https://bugzilla.redhat.com/show_bug.cgi?id=1619748#c3",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.",
            "A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9421\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9421\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-9421",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).",
            "It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3241\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3241"
        ],
        "name": "CVE-2017-3241",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-09-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-273",
        "details": [
            "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",
            "A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privileges, potentially leading to local privilege escalation."
        ],
        "statement": "Neither the `AuthorizedKeysCommand` directive nor `AuthorizedPrincipalsCommand` are enabled by default in the versions of OpenSSH as shipped with Red Hat Enterprise Linux 7 and 8.",
        "upstream_fix": "openssh 8.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-41617\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41617\nhttps://www.openssh.com/txt/release-8.8"
        ],
        "name": "CVE-2021-41617",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2655\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2655"
        ],
        "name": "CVE-2020-2655",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4842\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4842\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4842",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-07-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22006\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22006"
        ],
        "name": "CVE-2023-22006",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.",
            "A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.9.9-P3, bind 9.10.4-P3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2776\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2776\nhttps://kb.isc.org/article/AA-01419/0"
        ],
        "csaw": true,
        "name": "CVE-2016-2776"
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.  NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
            "It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request."
        ],
        "acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "upstream_fix": "httpd 2.4.24, httpd 2.2.32",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5387\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5387\nhttps://access.redhat.com/security/vulnerabilities/httpoxy\nhttps://httpoxy.org/\nhttps://www.apache.org/security/asf-httpoxy-response.txt"
        ],
        "csaw": true,
        "name": "CVE-2016-5387"
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.",
            "An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0797\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0797\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0797",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2815\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2815"
        ],
        "name": "CVE-2018-2815",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.",
            "A flaw was found in squid. Due to incorrect input validation, squid can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters."
        ],
        "statement": "This only affects deployments acting as reverse proxy with a http_port 'accel' or 'vhost' (squid 2.x and 3.x) or http_port 'accel' configuration (squid 4.x).",
        "upstream_fix": "squid 4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8449\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8449"
        ],
        "name": "CVE-2020-8449",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",
            "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning."
        ],
        "upstream_fix": "httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8743\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8743\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
        ],
        "name": "CVE-2016-8743",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
        ],
        "upstream_fix": "openssl 1.1.0j-dev, openssl 1.1.1a-dev, openssl 1.0.2q-dev",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0734\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0734"
        ],
        "name": "CVE-2018-0734",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",
            "It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3539\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3539\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3539",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3183\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3183"
        ],
        "name": "CVE-2018-3183",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-08T11:25:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.",
            "A side channel vulnerability was found in hw amd. Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure."
        ],
        "acknowledgement": "Red Hat would like to thank Daniël Trujillo (ETH Zurich), Johannes Wikner (ETH Zurich), and Kaveh Razavi (ETH Zurich) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-20569\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20569\nhttps://access.redhat.com/solutions/7049120\nhttps://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html"
        ],
        "name": "CVE-2023-20569",
        "mitigation": {
            "value": "Mitigation, other than installing the updated packages, for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.",
            "A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos."
        ],
        "statement": "This issue did not affect the version of krb5 as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4343\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4343"
        ],
        "name": "CVE-2014-4343",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21283\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21283"
        ],
        "name": "CVE-2022-21283",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-665->(CWE-200|CWE-89)",
        "details": [
            "A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.",
            "A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction."
        ],
        "statement": "This vulnerability is only exploitable where an attacker can provide or influence connection parameters to a PostgreSQL client application using libpq. Contrib modules \"dblink\" and \"postgres_fdw\" are examples of applications affected by this flaw.\nRed Hat Virtualization includes vulnerable versions of postgresql. However this flaw is not known to be exploitable under any supported configuration of Red Hat Virtualization. A future update may address this issue.\nThis issue affects the versions of the rh-postgresql95-postgresql package as shipped with Red Hat Satellite 5.7 and 5.8. However, this flaw is not known to be exploitable under any supported scenario in Satellite 5. A future update may address this issue.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Krasichkov as the original reporter.",
        "upstream_fix": "postgresql 10.5, postgresql 9.6.10, postgresql 9.5.14, postgresql 9.4.19, postgresql 9.3.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10915\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10915\nhttps://www.postgresql.org/about/news/1878/"
        ],
        "name": "CVE-2018-10915",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.",
            "A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.8, ruby 2.3.5, ruby 2.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0898\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0898\nhttps://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/"
        ],
        "name": "CVE-2017-0898",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.",
            "An improper access control flaw was found in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software that may allow a privileged user to enable escalation of privilege via local access."
        ],
        "statement": "Please contact your OEM support group to obtain the correct driver version.",
        "upstream_fix": "linux-firmware 20230804",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40964\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40964\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
        ],
        "name": "CVE-2022-40964",
        "mitigation": {
            "value": "UEFI firmware to version 3.2.20.23023 (includes versions 2.2.20.23023 and 1.2.20.23023) or later.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.",
            "A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7394\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7394"
        ],
        "name": "CVE-2017-7394",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c."
        ],
        "statement": "This issue affects the versions of openssh as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 (versions 7.3 and earlier).  For Red Hat Enterprise Linux 7 (versions 7.4 and later), this issue was fixed by the Security Advisory RHSA-2017:2029. For Red Hat Enterprise Linux 6, Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10708\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10708"
        ],
        "name": "CVE-2016-10708",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-10-28T14:36:13Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.",
            "A flaw was found in Squid. Due to input validation and resource management issues, a denial of service may be triggered during the processing of certain Edge Side Includes (ESI) response content."
        ],
        "statement": "All builds of Squid shipped in supported versions of Red Hat Enterprise Linux are built with the vulnerable (ESI) feature enabled.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-45802\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-45802\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj"
        ],
        "name": "CVE-2024-45802",
        "mitigation": {
            "value": "This bug was mitigated by the default upstream build configuration of Squid since version 6.10.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2582\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2582"
        ],
        "name": "CVE-2018-2582",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4903\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4903\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4903",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.",
            "A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() functions did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash."
        ],
        "upstream_fix": "krb5 1.14.1, krb5 1.13.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8630\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8630"
        ],
        "name": "CVE-2015-8630",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.",
            "A flaw was found in the flatpak package. It is susceptible to a software flaw that can deceive portals and other host-OS services into treating the flatpak app as an ordinary, non-sandboxed host-OS process. This flaw allows the escalation of privileges that the corresponding services presume the flatpak app has. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "upstream_fix": "flatpak 1.12.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-41133\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41133"
        ],
        "name": "CVE-2021-41133",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.",
            "An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.1t, openssl 1.0.2h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2106\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2106\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2106",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.",
            "A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Marco Davids (SIDN Labs) and Tony Finch (University of Cambridge) as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8864\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8864\nhttps://kb.isc.org/article/AA-01434"
        ],
        "name": "CVE-2016-8864",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2762\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2762"
        ],
        "name": "CVE-2019-2762",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.",
            "A vulnerability was found in X.Org. The issue occurs due to the swap handler for the XTestFakeInput request of the XTest extension, possibly corrupting the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where the client and server use the same byte order."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46340\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46340"
        ],
        "name": "CVE-2022-46340",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.",
            "Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."
        ],
        "statement": "Red Hat Enterprise Linux 6 and Satellite 5 are now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter.",
        "upstream_fix": "postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql 9.5.10, postgresql 9.6.6, postgresql 10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12172\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12172\nhttps://www.postgresql.org/about/news/1801/"
        ],
        "name": "CVE-2017-12172",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.",
            "A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-11368\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11368"
        ],
        "name": "CVE-2017-11368",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2654\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2654"
        ],
        "name": "CVE-2020-2654",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen."
        ],
        "upstream_fix": "openssl 1.1.0g, openssl 1.0.2m",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3736\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3736\nhttps://www.openssl.org/news/secadv/20171102.txt"
        ],
        "name": "CVE-2017-3736",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) \" (double quote), (2) \\ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.",
            "A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Nathan Bossart as the original reporter.",
        "upstream_fix": "postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5424\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5424"
        ],
        "name": "CVE-2016-5424",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.",
            "A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.9.8-P4, bind 9.10.3-P4, bind 9.9.8-S6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1285\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1285\nhttps://kb.isc.org/article/AA-01352"
        ],
        "name": "CVE-2016-1285",
        "mitigation": {
            "value": "Restrict access to the control channel (by using the \"controls\" configuration statement in named.conf) to allow connection only from trusted systems.\nNote that if no \"controls\" statement is present, named defaults to allowing control channel connections only from localhost (127.0.0.1 and ::1) if and only if the file rndc.key exists in the configuration directory and contains valid key syntax. If rndc.key is not present and no \"controls\" statement is present in named.conf, named will not accept commands on the control channel.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.",
            "A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as only httpd version 2.4.6 included the vulnerable code.",
        "upstream_fix": "httpd 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-4352\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4352\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2013-4352",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2989\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2989"
        ],
        "name": "CVE-2019-2989",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21299\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21299"
        ],
        "name": "CVE-2022-21299",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2677\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2677"
        ],
        "name": "CVE-2018-2677",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
            "A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Normally, the \"--command\" argument of \"flatpak run\" expects being given a command to run in the specified Flatpak app, along with optional arguments. However, it is possible to pass bwrap arguments to \"--command=\" instead, such as \"--bind\". It is possible to pass an arbitrary \"commandline\" to the portal interface \"org.freedesktop.portal.Background.RequestBackground\" within the Flatpak app. This is normally safe because it can only specify a command that exists inside the sandbox. When a crafted \"commandline\" is converted into a \"--command\" and arguments, the app could achieve the same effect of passing arguments directly to bwrap to achieve sandbox escape."
        ],
        "statement": "This vulnerability poses an important security risk due to its potential for sandbox escape within Flatpak environments. Exploiting this vulnerability allows a malicious Flatpak application to execute arbitrary code outside of its designated sandbox, effectively bypassing the security measures intended to restrict its system access. By manipulating the --command argument and the org.freedesktop.portal.Background.RequestBackground portal interface, an attacker can craft commands that are misinterpreted as bwrap options, leading to unauthorized execution of commands with elevated privileges. This could result in unauthorized data access, system compromise, and potentially enable further exploitation of the host system.",
        "upstream_fix": "flatpak 1.15.8, flatpak 1.10.9, flatpak 1.12.9, flatpak 1.14.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-32462\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-32462\nhttps://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
        ],
        "name": "CVE-2024-32462",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-25T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1239",
        "details": [
            "An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
            "A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-20593\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20593\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=522b1d69219d8f083173819fde04f994aa051a98\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html"
        ],
        "name": "CVE-2023-20593",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.",
            "A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "The squid packages are compiled with protections like stack canaries, which should reduce the chance of a successful exploitation dramatically and the most likely outcome is a crash without code execution.",
        "upstream_fix": "squid 4.11, squid 5.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12519\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12519\nhttp://www.squid-cache.org/Advisories/SQUID-2019_12.txt\nhttps://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
        ],
        "name": "CVE-2019-12519",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19134\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19134"
        ],
        "name": "CVE-2018-19134",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3544\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3544\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3544",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.",
            "A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions."
        ],
        "statement": "Red Hat Enterprise Linux 5 ships with both bind (9.3) packages which are not affected by this issue, and bind97 packages, which are affected by this issue.\nRed Hat Enterprise Linux 5 is now in Production Phase 3 of the support and maintenance life cycle. This issue is not currently planned to be addressed in future bind97 updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "BIND 9.9.7, BIND 9.10.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1349\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1349\nhttps://kb.isc.org/article/AA-01235/0/CVE-2015-1349%3A-A-Problem-with-Trust-Anchor-Management-Can-Cause-named-to-Crash.html"
        ],
        "name": "CVE-2015-1349",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-305",
        "details": [
            "A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege."
        ],
        "acknowledgement": "Red Hat would like to thank Pham Van Khanh (Calif) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4727\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4727"
        ],
        "name": "CVE-2023-4727",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-681->CWE-119",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4843\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4843\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4843",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-407",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4803\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4803\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.",
            "An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1789\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1789"
        ],
        "name": "CVE-2015-1789",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.",
            "A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter."
        ],
        "statement": "This issue did not affect the versions of rubygems as shipped with Red Hat Enterprise Linux 6.\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.6.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0903\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0903\nhttp://blog.rubygems.org/2017/10/09/2.6.14-released.html"
        ],
        "name": "CVE-2017-0903",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2678\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2678"
        ],
        "name": "CVE-2018-2678",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2005-01-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.",
            "A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0480\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0480\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0480",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.",
            "It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server."
        ],
        "upstream_fix": "httpd 2.2.34, httpd 2.4.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9788\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9788\nhttps://httpd.apache.org/security/vulnerabilities_22.html#2.2.34\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
        ],
        "name": "CVE-2017-9788",
        "mitigation": {
            "value": "If you do not use digest authentication, do not load the \"auth_digest_module\".\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.",
            "A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled."
        ],
        "upstream_fix": "openssl 1.0.1i, openssl 1.0.0n, openssl 0.9.8zb",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3510\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3510\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3510",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122->CWE-125->CWE-787",
        "details": [
            "Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.",
            "A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the \"lp\" user."
        ],
        "acknowledgement": "This issue was discovered by Petr Sklenar (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3258\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3258"
        ],
        "name": "CVE-2015-3258",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-459->CWE-89",
        "details": [
            "A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity."
        ],
        "acknowledgement": "Upstream acknowledges Alexander Lakhin as the original reporter.",
        "upstream_fix": "postgresql 14.3, postgresql 13.7, postgresql 12.11, postgresql 11.16, postgresql 10.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1552\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1552\nhttps://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/\nhttps://www.postgresql.org/support/security/CVE-2022-1552/"
        ],
        "name": "CVE-2022-1552",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.",
            "It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Wheelwright as the original reporter.",
        "upstream_fix": "postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7486\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7486\nhttps://www.postgresql.org/about/news/1746/"
        ],
        "name": "CVE-2017-7486",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4911\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4911\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4911",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the \"lp\" user."
        ],
        "upstream_fix": "cups-filters 1.0.71",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3279\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3279"
        ],
        "name": "CVE-2015-3279",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.",
            "It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0478\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0478\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA\nhttps://people.redhat.com/~fweimer/rsa-crt-leaks.pdf\nhttps://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/"
        ],
        "name": "CVE-2015-0478",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.",
            "Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the next SOA refresh query for that zone is made."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Greg Kuechle (SaskTel) as the original reporter.",
        "upstream_fix": "bind 9.11.30, bind 9.16.14, bind 9.17.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-25214\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25214\nhttps://kb.isc.org/docs/cve-2021-25214"
        ],
        "name": "CVE-2021-25214",
        "mitigation": {
            "value": "Disabling incremental zone transfers (IXFR) by setting \"request-ixfr no;\" in the desired configuration block (options, zone, or server) prevents the failing assertion from being evaluated.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter."
        ],
        "statement": "This issue affects the versions of squid as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13345\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13345"
        ],
        "name": "CVE-2019-13345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14556\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14556"
        ],
        "name": "CVE-2020-14556",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2962\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2962"
        ],
        "name": "CVE-2019-2962",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-400|CWE-787)",
        "details": [
            "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
            "A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability."
        ],
        "statement": "httpd as shipped in Red Hat Enterprise Linux 6 is NOT affected by this flaw because it does not ship mod_lua.",
        "upstream_fix": "httpd 2.4.52",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-44790\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44790\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2021-44790",
        "mitigation": {
            "value": "Disabling mod_lua and restarting httpd will mitigate this flaw. See https://access.redhat.com/articles/10649 for more information.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service.",
            "An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10987\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10987\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10987",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-11T18:47:00Z",
        "cvss3": {
            "cvss3_base_score": "7.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.",
            "A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide may allow an attacker to escape the flatpak sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw appears to impact systems in special cases involving installing flatpak applications and runtimes system-wide. Installation of flatpak applications and runtimes locally should not be impacted.",
        "upstream_fix": "flatpak 1.2.3, flatpak 1.0.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8308\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8308"
        ],
        "name": "CVE-2019-8308",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.",
            "It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application."
        ],
        "acknowledgement": "Red Hat would like to thank Gustavo Grieco for reporting this issue.",
        "upstream_fix": "xerces-c 3.1.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0729\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0729\nhttp://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt"
        ],
        "name": "CVE-2016-0729",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",
            "A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0460\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0460\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0460",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.",
            "A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system."
        ],
        "statement": "This bind flaw can be exploited by a remote attacker (AV:N) by opening large number of  simultaneous TCP client connections with the server. No special exploit code is required apart from the ability to open large number of TCP connections simultaneously either from one attacker machine or via some distributed attacker network (AC:L and PR:L). No user interaction is required from the server side (UI:N). The attacker can cause denial of service (A:H) by exhausting the file descriptor pool which named has access to. Also in cases where named process is not limited by OS-enforced per-process limits, this could cause exhaustion of available free file descriptors on the system running the named server causing denial of service for other processes running on that machine (S:C).",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges AT&T as the original reporter.",
        "upstream_fix": "bind 9.11.6-P1, bind 9.12.4-P1, bind 9.14.1, bind 9.11.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5743\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5743\nhttps://kb.isc.org/docs/cve-2018-5743"
        ],
        "name": "CVE-2018-5743",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2618\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2618"
        ],
        "name": "CVE-2018-2618",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228",
        "details": [
            "http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.",
            "It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. \nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 4.0.7, squid 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2571\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2571\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2571",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.",
            "It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 1.0.0p, OpenSSL 0.9.8zd",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3572\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3572\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-3572",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
            "It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10388\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10388"
        ],
        "name": "CVE-2017-10388",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service.",
            "An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 2.2.10, freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10983\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10983\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10983",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2024-04-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-350",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\nNote: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21012\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21012\nhttps://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-21012",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-626->CWE-22",
        "details": [
            "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.",
            "It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.10, ruby 2.3.7, ruby 2.4.4, ruby 2.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8780\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8780\nhttps://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"
        ],
        "name": "CVE-2018-8780",
        "mitigation": {
            "value": "It is possible to test for presence of the NULL byte manually prior to call a Dir method with an untrusted string.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",
            "It was found that the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code."
        ],
        "statement": "This vulnerability is rated Low: the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10179\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10179"
        ],
        "name": "CVE-2019-10179",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8322\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8322"
        ],
        "name": "CVE-2019-8322",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.",
            "Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications."
        ],
        "statement": "This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Low security impact and does not plan to address this flaw for the above components in any future security updates.\nThis issue affects the version of openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 1.0.0p, OpenSSL 0.9.8zd",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8275\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8275\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-8275",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
            "A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46343\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46343"
        ],
        "name": "CVE-2022-46343",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.",
            "A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.9.8-P2, bind 9.10.3-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8000\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8000\nhttps://kb.isc.org/article/AA-01317"
        ],
        "name": "CVE-2015-8000",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10111\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10111"
        ],
        "name": "CVE-2017-10111",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).",
            "A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5548\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5548"
        ],
        "name": "CVE-2016-5548",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.",
            "An integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.10, ruby 2.3.7, ruby 2.4.4, ruby 2.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8778\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8778\nhttps://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/"
        ],
        "name": "CVE-2018-8778",
        "mitigation": {
            "value": "Code is vulnerable when String#unpack's argument is attacker controlled.\nIn the unpack format string argument, manual sanitization can be done by preventing the number following '@' from overflowing to a negative number. See https://dev.to/sqreenio/an-in-depth-look-at-cve-2018-8878-or-why-integer-overflows-are-still-a-thing-1n01 for mitigation details.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).",
            "It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2602\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2602"
        ],
        "name": "CVE-2018-2602",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10347\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10347"
        ],
        "name": "CVE-2017-10347",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.",
            "A flaw was found in bind. Updates to \"Update-policy\" rules of type \"subdomain\" are treated as if they were of type \"zonesub\" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Joop Boonen (credativ GmbH) as the original reporter.",
        "upstream_fix": "bind 9.11.22, bind 9.16.6, bind 9.17.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8624\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8624\nhttps://kb.isc.org/docs/cve-2020-8624"
        ],
        "name": "CVE-2020-8624",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787->CWE-125",
        "details": [
            "A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.",
            "A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "acknowledgement": "This issue was discovered by Peter Hutterer (Red Hat).",
        "upstream_fix": "xorg-server 21.1.10, xwayland 23.2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6377\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6377\nhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd\nhttps://lists.x.org/archives/xorg-announce/2023-December/003435.html"
        ],
        "name": "CVE-2023-6377",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-121",
        "details": [
            "Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow."
        ],
        "statement": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4975\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4975"
        ],
        "name": "CVE-2014-4975",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.",
            "An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9585\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9585"
        ],
        "name": "CVE-2014-9585",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-06-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow.",
            "A heap overflow flaw was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This flaw can result in a crash of the httpd child process when mod_session is used.",
        "acknowledgement": "Red Hat would like to thank Christophe Jaillet and the Apache project for reporting this issue.",
        "upstream_fix": "httpd 2.4.47",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-26691\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26691\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2021-26691",
        "mitigation": {
            "value": "Only configurations which use the \"SessionEnv\" directive (which is not widely used) are vulnerable to this flaw. SessionEnv is not enabled in default configuration of httpd package shipped with Red Hat Products.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",
            "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash."
        ],
        "statement": "This flaw only affects applications which are compiled with OpenSSL and using EVP_CipherUpdate, EVP_EncryptUpdate or EVP_DecryptUpdate functions. When specially-crafted values are passed to these functions, it can cause the application to crash or behave incorrectly.\nOpenSSL in Red Hat Enterprise Linux 9 was marked as not affected as it is already fixed in the RHEL9 Alpha release.",
        "upstream_fix": "openssl 1.1.1j, openssl 1.0.2y",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23840\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23840\nhttps://www.openssl.org/news/secadv/20210216.txt"
        ],
        "name": "CVE-2021-23840",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21305\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21305"
        ],
        "name": "CVE-2022-21305",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.",
            "A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0488\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0488\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0488",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "It was discovered that systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.",
            "It was discovered that systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes."
        ],
        "upstream_fix": "systemd 237",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16888\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16888"
        ],
        "name": "CVE-2018-16888",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.",
            "A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information."
        ],
        "statement": "Red Hat rates this as an Important severity, as a local attacker may gain enough information to jeopardize the environment's confidentiality, integrity and availability.",
        "acknowledgement": "Upstream acknowledges Evgeny Vereshchagin as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-5564\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5564"
        ],
        "name": "CVE-2024-5564",
        "mitigation": {
            "value": "Currently there is no mitigation available for this vulnerability. Please make sure to update as the fixes become available.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21360\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21360"
        ],
        "name": "CVE-2022-21360",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2987\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2987"
        ],
        "name": "CVE-2019-2987",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.",
            "It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0695\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0695\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0695",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10096\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10096"
        ],
        "name": "CVE-2017-10096",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14583\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14583"
        ],
        "name": "CVE-2020-14583",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-190->CWE-122",
        "details": [
            "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.",
            "It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine."
        ],
        "statement": "This issue affects the versions of systemd-networkd as shipped with Red Hat Enterprise Linux 7, however the package is available only through the unsupported Optional repository and it cannot be exploited unless the interface is explicitly configured to use DHCP.\nThis issue affects the versions of NetworkManager as shipped with Red Hat Enterprise Linux 7 because the package includes some parts of the systemd-networkd code, which present the same vulnerability. NetworkManager is vulnerable to this flaw only when configured to use the internal DHCP, which is not the default. However, when it is, the flaw may be triggered by a connection where either ipv6.method is set to dhcp or it is set to auto, which is the default value.",
        "acknowledgement": "Red Hat would like to thank Ubuntu Security Team for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15688\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15688"
        ],
        "name": "CVE-2018-15688",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3598\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3598\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3598",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.",
            "A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2625\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2625\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2625",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15692\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15692"
        ],
        "name": "CVE-2019-15692",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8323\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8323"
        ],
        "name": "CVE-2019-8323",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10074\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10074"
        ],
        "name": "CVE-2017-10074",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10193\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10193"
        ],
        "name": "CVE-2017-10193",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3289\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3289"
        ],
        "name": "CVE-2017-3289",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2769\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2769"
        ],
        "name": "CVE-2019-2769",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10357\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10357"
        ],
        "name": "CVE-2017-10357",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4882\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4882\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4882",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.",
            "A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel (ring0) level, bypassing intended restrictions in place."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enteprise MRG 2. Future kernel and kernel-rt updates for Red Hat Enterprise Linux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2666\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2666"
        ],
        "name": "CVE-2015-2666",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
            "A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-4283\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4283"
        ],
        "name": "CVE-2022-4283",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.",
            "The \"lazy_initialize\" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17790\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17790"
        ],
        "name": "CVE-2017-17790",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.",
            "Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid."
        ],
        "upstream_fix": "squid 3.5.17, squid 4.0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4052\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4052\nhttp://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
        ],
        "name": "CVE-2016-4052",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2593\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2593"
        ],
        "name": "CVE-2020-2593",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.",
            "A denial of service flaw was found in the way BIND handled query requests when using DNS64 with \"break-dnssec yes\" option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Oleg Gorokhov (Yandex) as the original reporter.",
        "upstream_fix": "bind 9.9.9-P8, bind 9.10.4-P8, bind 9.11.0-P5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3136\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3136\nhttps://kb.isc.org/article/AA-01465"
        ],
        "name": "CVE-2017-3136",
        "mitigation": {
            "value": "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade.  Servers which are not using these features in conjunction are not at risk from this defect.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.",
            "It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5573\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5573\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5573",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
            "It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10078\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10078"
        ],
        "name": "CVE-2017-10078",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts).",
            "It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5552\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5552"
        ],
        "name": "CVE-2016-5552",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10274\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10274"
        ],
        "name": "CVE-2017-10274",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.",
            "A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3120\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3120"
        ],
        "name": "CVE-2016-3120",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2659\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2659\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2659",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-14T13:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "A flaw was found in all versions of ghostscript 9.x before 9.50, in the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands.",
            "A flaw was found in the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Lukas Schauer and Paul Manfred as the original reporters.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14869\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14869"
        ],
        "name": "CVE-2019-14869",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
        ],
        "upstream_fix": "openssl 1.1.0j, openssl 1.1.1a",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0735\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0735"
        ],
        "name": "CVE-2018-0735",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2818\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2818"
        ],
        "name": "CVE-2019-2818",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition."
        ],
        "statement": "This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0198\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0198\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0198",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\", \"-\" or an uncommon shell whitespace character prefix to the length field-value.",
            "A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This issue has been rated as having moderate security impact (despite having a higher CVSS score) because the attack requires an upstream server to participate in the smuggling attack and generate the poison response sequence, which is really uncommon because most popular software is not vulnerable to participation in this attack. While the vulnerability does exist in squid, it is not easily exploitable and requires participation of other components on the network.",
        "upstream_fix": "squid 4.12, squid 5.0.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15049\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15049\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5"
        ],
        "name": "CVE-2020-15049",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10135\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10135"
        ],
        "name": "CVE-2017-10135",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.",
            "A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6, Red Hat JBoss Web Server, and Red Hat JBoss Enterprise Application Platform. These products include httpd 2.2, and only httpd versions 2.4.6 through 2.4.9 include the vulnerable code.",
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0117\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0117\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0117",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",
            "A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic."
        ],
        "statement": "This issue affects the version of openssl and nss libraries as shipped with Red Hat Enterprise Linux 4, 5, 6 and 7. More information about this flaw is available at: https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c4 and https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c5.\nRed Hat Enterprise Linux 4 is in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 4.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4000\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4000\nhttps://access.redhat.com/articles/1456263\nhttps://weakdh.org/"
        ],
        "csaw": true,
        "name": "CVE-2015-4000"
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-11-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.",
            "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory."
        ],
        "acknowledgement": "Upstream acknowledges Pedro Gallegos as the original reporter.",
        "upstream_fix": "PostgreSQL 16.1, PostgreSQL 15.5, PostgreSQL 14.10, PostgreSQL 13.13, PostgreSQL 12.17, PostgreSQL 11.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5869\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5869\nhttps://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\nhttps://www.postgresql.org/support/security/CVE-2023-5869/"
        ],
        "name": "CVE-2023-5869",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.",
            "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi (Lepidum) as the original reporter.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0224\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0224\nhttps://access.redhat.com/site/articles/904433\nhttps://access.redhat.com/site/solutions/905793\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0224",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",
            "It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10102\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10102"
        ],
        "name": "CVE-2017-10102",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.",
            "It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could, in the context of the gs process, retrieve file content on the target machine."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7977\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7977"
        ],
        "name": "CVE-2016-7977",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-325",
        "details": [
            "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."
        ],
        "upstream_fix": "openssl 1.1.0i, openssl 1.0.2p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0732\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0732\nhttps://www.openssl.org/news/secadv/20180612.txt"
        ],
        "name": "CVE-2018-0732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.",
            "If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal."
        ],
        "statement": "This issue affects the version of krb5 package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5353\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5353"
        ],
        "name": "CVE-2014-5353",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10285\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10285"
        ],
        "name": "CVE-2017-10285",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "A flaw was found in ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
            "A flaw was found in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14817\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14817"
        ],
        "name": "CVE-2019-14817",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.",
            "Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks."
        ],
        "upstream_fix": "httpd 2.2.31, httpd 2.4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3183\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3183"
        ],
        "name": "CVE-2015-3183",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14803\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14803"
        ],
        "name": "CVE-2020-14803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.",
            "A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4463\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4463\nhttp://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt"
        ],
        "name": "CVE-2016-4463",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.",
            "An information leak flaw was found in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2621\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2621\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2621",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.",
            "A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9147\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9147\nhttps://kb.isc.org/article/AA-01440"
        ],
        "name": "CVE-2016-9147",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.",
            "A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9444\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9444\nhttps://kb.isc.org/article/AA-01441"
        ],
        "name": "CVE-2016-9444",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.",
            "It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.4.2, ruby 2.2.8, ruby 2.3.5, rubygems 2.6.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0901\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0901\nhttp://blog.rubygems.org/2017/08/27/2.6.13-released.html"
        ],
        "name": "CVE-2017-0901",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3610\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3610\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3610",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21628\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21628"
        ],
        "name": "CVE-2022-21628",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-21T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.",
            "It was found that the superexec operator was available in the internal dictionary.  A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER."
        ],
        "acknowledgement": "This issue was discovered by Cedric Buissart (Red Hat).",
        "upstream_fix": "ghostscript 9.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3835\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3835\nhttps://bugs.ghostscript.com/show_bug.cgi?id=700585"
        ],
        "name": "CVE-2019-3835",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.",
            "A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory."
        ],
        "statement": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5, and 6. These versions do not include the JSON module.\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.4.2, ruby 2.3.5, ruby 2.2.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14064\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14064\nhttps://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/"
        ],
        "name": "CVE-2017-14064",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2583\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2583"
        ],
        "name": "CVE-2020-2583",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.",
            "A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3135\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3135\nhttps://kb.isc.org/article/AA-01453"
        ],
        "name": "CVE-2017-3135",
        "mitigation": {
            "value": "While it is possible to avoid the condition by removing either DNS64 or RPZ from the configuration, or by carefully restricting the contents of the policy zone, for an affected configuration the most practical and safest course of action is to upgrade to a version of BIND without this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-02-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.",
            "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks."
        ],
        "upstream_fix": "harfbuzz 7.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25193\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25193"
        ],
        "name": "CVE-2023-25193",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-10T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.",
            "A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "upstream_fix": "freeradius 3.0.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11235\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11235"
        ],
        "name": "CVE-2019-11235",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-305",
        "details": [
            "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection."
        ],
        "statement": "The \"AuthType Digest\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux. Also upstream discourages the use of mod_auth_digest because of its inherent security weaknesses and recommends the use of mod_ssl.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1312\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1312\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2018-1312",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.",
            "It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6116\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6116\nhttps://bugs.ghostscript.com/show_bug.cgi?id=700317"
        ],
        "name": "CVE-2019-6116",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
            "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite."
        ],
        "upstream_fix": "openssl 1.0.2k, openssl 1.1.0d",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3731\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3731\nhttps://www.openssl.org/news/secadv/20170126.txt"
        ],
        "name": "CVE-2017-3731",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-201",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3139\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3139"
        ],
        "name": "CVE-2018-3139",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2773\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2773"
        ],
        "name": "CVE-2020-2773",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4731\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4731\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4731",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later."
        ],
        "upstream_fix": "squid 3.5.28, squid 4.0.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000024\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000024"
        ],
        "name": "CVE-2018-1000024",
        "mitigation": {
            "value": "A workaround for this issue is to not use the internal ESI parser, which can be achieved by adding either the \"esi_parser expat\" or \"esi_parser libxml2\" configuration directive to the squid configuration file (for example /etc/squid/squid.conf).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.",
            "A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could use this flaw to cause a client to crash."
        ],
        "statement": "This issue affects the version of tigervnc as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8241\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8241"
        ],
        "name": "CVE-2014-8241",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-117",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22;   Oracle GraalVM Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.\nNote: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21011\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21011\nhttps://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-21011",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).",
            "It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10295\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10295"
        ],
        "name": "CVE-2017-10295",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2794\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2794"
        ],
        "name": "CVE-2018-2794",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-05-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.",
            "An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session."
        ],
        "upstream_fix": "freeradius 3.0.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9148\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9148"
        ],
        "name": "CVE-2017-9148",
        "mitigation": {
            "value": "Disable TLS session caching in FreeRADIUS by setting \"enable = no\" in the cache subsection of EAP module settings, which are in /etc/raddb/mods-available/eap file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.",
            "A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes."
        ],
        "upstream_fix": "squid 4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12528\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12528\nhttp://www.squid-cache.org/Advisories/SQUID-2020_2.txt"
        ],
        "name": "CVE-2019-12528",
        "mitigation": {
            "value": "As a workaround, it is possible to disable support for FTP. In order to do so, remove the following line from your squid configuration file:\nacl Safe_ports 21\nThen add the following lines to your squid configuration file:\nacl FTP proto FTP\nhttp_access deny FTP",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3136\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3136"
        ],
        "name": "CVE-2018-3136",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-12T13:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.",
            "It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Netanel (Cloudinary) as the original reporter.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10216\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10216"
        ],
        "name": "CVE-2019-10216",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.",
            "It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3839\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3839"
        ],
        "name": "CVE-2019-3839",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10349\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10349"
        ],
        "name": "CVE-2017-10349",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.7",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.",
            "An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.\nFor additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Nathan Hoad for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9715\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9715"
        ],
        "name": "CVE-2014-9715",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19477\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19477"
        ],
        "name": "CVE-2018-19477",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).",
            "A flaw was found in the way bind limited the number of TCP clients that can be connected at any given time. A remote attacker could use one TCP client to send a large number of DNS requests over a single connection, causing exhaustion of the pool of file descriptors available to named, and potentially affecting network connections and the management of files such as log files or zone journal files."
        ],
        "statement": "The patch for CVE-2018-5743 introduced a change in the way bind calculated the number of concurrent connections, from counting the outstanding TCP queries to counting the TCP client connections. However this functionality was not correctly implemented, a attacker could use a single TCP connection to send large number of DNS requests causing denial of service. As per upstream the fix does not help in a situation where a TCP-pipelining client is sending queries at an excessive rate, allowing a backlog of outstanding queries to build up. More details about this is available in the upstream advisory.\nThis bind flaw can be exploited by a remote attacker (AV:N) by opening large number of  simultaneous TCP client connections with the server. The attacker needs to use a server which has TCP-pipelining capability to use one TCP connection to send large number of requests. (AC:L and PR:N) No user interaction is required from the server side (UI:N). The attacker can cause denial of service (A:H) by exhausting the file descriptor pool which named has access to. (S:U)",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.11.13, bind 9.14.8, bind 9.15.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6477\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6477\nhttps://kb.isc.org/docs/cve-2019-6477"
        ],
        "name": "CVE-2019-6477",
        "mitigation": {
            "value": "The vulnerability can be mitigated by disabling server TCP-pipelining:\n~~~\nkeep-response-order { any; };\n~~~\nand then restarting BIND. The server restart is necessary because neither a 'reload' nor a 'reconfig' operation will properly reset currently pipelining TCP clients.\nDisabling TCP-pipelining entirely is completely effective at mitigating the vulnerability with minimal impact to clients that use pipelined TCP connections and with no impact to clients that do not support TCP-pipelining. The majority of Internet client DNS queries are transported over UDP or TCP without use of TCP-pipelining.\nNote: This mitigation will only work with bind-9.11 and above.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.",
            "It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters.",
        "upstream_fix": "openssl 1.0.2a, openssl 1.0.1m, openssl 1.0.0r, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0704\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0704\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0704",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2628\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2628\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2628",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.",
            "It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3426\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3426\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3426",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8321\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8321"
        ],
        "name": "CVE-2019-8321",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0686\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0686\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0686",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2805\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2805"
        ],
        "name": "CVE-2020-2805",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-130->CWE-125",
        "details": [
            "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.",
            "A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4341\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4341"
        ],
        "name": "CVE-2014-4341",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20952\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20952\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20952",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.",
            "It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections."
        ],
        "upstream_fix": "squid 3.5.23, squid 4.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10002\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10002\nhttp://www.squid-cache.org/Advisories/SQUID-2016_11.txt"
        ],
        "name": "CVE-2016-10002",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\nNote: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21068\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21068\nhttps://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-21068",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10110\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10110"
        ],
        "name": "CVE-2017-10110",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35567\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35567"
        ],
        "name": "CVE-2021-35567",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.",
            "A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition (DTD) may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted XML file that would crash the application or potentially lead to arbitrary code execution."
        ],
        "upstream_fix": "xerces-c 3.2.3, xerces-c 3.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1311\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1311\nhttps://marc.info/?l=xerces-c-users&m=157653840106914&w=2"
        ],
        "name": "CVE-2018-1311",
        "mitigation": {
            "value": "Disable DTD processing by setting the environment variable `XERCES_DISABLE_DTD=1`. Please note that this feature was introduced in xerces-c upstream version 3.1.4 and is not available in older versions. The versions of xerces-c as shipped with Red Hat Enterprise Linux 6 and 7 did not include this feature.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).",
            "It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.10, ruby 2.3.7, ruby 2.4.4, ruby 2.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8777\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8777\nhttps://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/"
        ],
        "name": "CVE-2018-8777",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with 'concat' attributes\" and a denial of service.",
            "A denial of service flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to cause the FreeRADIUS server to enter an infinite loop, consume increasing amounts of memory resources, and ultimately crash by sending a specially crafted request packet."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10985\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10985\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10985",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.",
            "An incorrect boundary check was found in the way squid handled the Vary header in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 3.5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3948\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3948\nhttp://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
        ],
        "name": "CVE-2016-3948",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-662->CWE-300",
        "details": [
            "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.",
            "An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Stephen Frost as the original reporter.",
        "upstream_fix": "postgresql 9.0.19, postgresql 9.1.15, postgresql 9.2.10, postgresql 9.3.6, postgresql 9.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8161\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8161\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2014-8161",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
            "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions."
        ],
        "statement": "Based on the fact that digest authentication is rarely used in modern day web applications and the httpd packages shipped with Red Hat products do not ship a threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "httpd 2.4.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0217\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0217\nhttp://www.apache.org/dist/httpd/CHANGES_2.4\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2019-0217",
        "mitigation": {
            "value": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of the httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.",
            "A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0477\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0477\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0477",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-776",
        "details": [
            "The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack."
        ],
        "statement": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
        "upstream_fix": "jruby 1.7.16.1, ruby 1.9.3-p550, ruby 2.0.0-p594, ruby 2.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8080\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8080\nhttps://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/"
        ],
        "name": "CVE-2014-8080",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",
            "An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2632\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2632\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2632",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.",
            "An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested."
        ],
        "upstream_fix": "openssh 7.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1908\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1908"
        ],
        "name": "CVE-2016-1908",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-89",
        "details": [
            "A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.",
            "A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function."
        ],
        "statement": "Red Hat Virtualization Management Appliance included affected versions of postgresql, however no custom SECURITY DEFINER functions are declared so this vulnerability can not be exploited in the default configuration.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Tom Lane as the original reporter.",
        "upstream_fix": "postgresql 11.5, postgresql 10.10, postgresql 9.6.15, postgresql 9.5.19, postgresql 9.4.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10208\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10208\nhttps://www.postgresql.org/about/news/1960/"
        ],
        "name": "CVE-2019-10208",
        "mitigation": {
            "value": "If your use case requires SECURITY DEFINER functions, please follow the advice below to write them safely so they do not rely on search_path and restrict the set of users which can access them.\nhttps://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.",
            "A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4344\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4344"
        ],
        "name": "CVE-2014-4344",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.",
            "A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7392\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7392"
        ],
        "name": "CVE-2017-7392",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4760\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4760\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4760",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).",
            "It was found that Apache was vulnerable to an HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data."
        ],
        "upstream_fix": "httpd 2.2.32, httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4975\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4975\nhttps://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975\nhttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975"
        ],
        "name": "CVE-2016-4975",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2821\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2821"
        ],
        "name": "CVE-2019-2821",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-41",
        "details": [
            "A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "httpd 2.4.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0220\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0220\nhttp://www.apache.org/dist/httpd/CHANGES_2.4\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2019-0220",
        "mitigation": {
            "value": "This flaw can be mitigation by replacing multiple consecutive slashes, used in directives that match against the path component of the request URL with regular expressions.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.",
            "A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "upstream_fix": "xorg-server 21.1.12, xwayland 23.2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-31083\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31083"
        ],
        "name": "CVE-2024-31083",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.",
            "A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-9632\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9632"
        ],
        "name": "CVE-2024-9632",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.",
            "A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used."
        ],
        "statement": "The Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6816\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6816"
        ],
        "name": "CVE-2023-6816",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.",
            "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6302\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6302\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-6302",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10165\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10165"
        ],
        "name": "CVE-2016-10165",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2663\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2663"
        ],
        "name": "CVE-2018-2663",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4860\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4860\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4860",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10107\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10107"
        ],
        "name": "CVE-2017-10107",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000075\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000075\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000075",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).",
            "It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges."
        ],
        "statement": "This vulnerability is present in Red Hat Virtualization Hypervisor and Management Appliance, however it can only be exploited locally. Since these systems do not typically have local user accounts, this issue has been rated Moderate severity for Red Hat Virtualization 4.",
        "acknowledgement": "Red Hat would like to thank Chris Coulson (Ubuntu Security) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6454\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6454"
        ],
        "name": "CVE-2019-6454",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-253->CWE-617",
        "details": [
            "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "A flaw was found in Squid due to an incorrect check of the return value in the helper process management. This issue may allow attackers to perform remote denial of service."
        ],
        "statement": "The only security impact of this vulnerability is a remote denial of service. For this reason, this flaw was rated with an important, and not critical, severity.",
        "upstream_fix": "squid 6.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-49286\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49286"
        ],
        "name": "CVE-2023-49286",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Artifex Ghostscript before 9.25. Incorrect \"restoration of privilege\" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction. This is due to an incomplete fix for CVE-2018-16509."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "ghostscript 9.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16802\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16802"
        ],
        "name": "CVE-2018-16802",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-119",
        "details": [
            "A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Writing arbitrary bytes to a wide area of server memory can provide a powerful primitive that could ultimately lead to remote code execution. For this reason this flaw has been rated as having a security impact of Important. The versions of `postgresql` as shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Software Collections are all affected by this flaw. A future update may address this issue.",
        "acknowledgement": "Upstream acknowledges Tom Lane as the original reporter.",
        "upstream_fix": "postgresql 13.3, postgresql 12.7, postgresql 11.12, postgresql 10.17, postgresql 9.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-32027\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32027\nhttps://www.postgresql.org/support/security/CVE-2021-32027/"
        ],
        "name": "CVE-2021-32027",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.",
            "It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8325\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8325"
        ],
        "name": "CVE-2015-8325",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.",
            "It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5355\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5355"
        ],
        "name": "CVE-2014-5355",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.",
            "It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue did affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7. \nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15911\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15911\nhttps://www.kb.cert.org/vuls/id/332928"
        ],
        "name": "CVE-2018-15911",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21365\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21365"
        ],
        "name": "CVE-2022-21365",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.",
            "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information."
        ],
        "statement": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
        "acknowledgement": "Red Hat would like to thank Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE; Cuba), Billy Bob Brumley, Cesar Pereida Garcia, Nicola Tuveri (Tampere University of Technology; Finland), and Sohaib ul Hassan for reporting this issue.",
        "upstream_fix": "openssl 1.1.0i, openssl 1.1.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5407\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5407\nhttps://github.com/bbbrumley/portsmash\nhttps://www.openssl.org/news/secadv/20181112.txt"
        ],
        "name": "CVE-2018-5407",
        "mitigation": {
            "value": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4883\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4883\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4883",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-03-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.",
            "A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a remote high privileged attacker to manipulate cache results with incorrect records, leading to queries made to the wrong servers, possibly resulting in false information received on the client's end."
        ],
        "statement": "Versions of BIND shipped with Red Hat Enterprise Linux 8, 9 are affected, because vulnerable code is present in our code base.\nFor RHEL-9, DHCP uses the vulnerable BIND 9 libraries (bind-9.11.14) for some services. Hence, it is affected as well.\nAuthoritative - Only BIND 9 servers are not vulnerable to this flaw.",
        "acknowledgement": "Upstream acknowledges Baojun Liu (Network and Information Security Lab, Tsinghua University), Changgen Zou (Qi An Xin Group Corp), Chaoyi Lu (Network and Information Security Lab, Tsinghua University), and Xiang Li (Network and Information Security Lab, Tsinghua University) as the original reporters.",
        "upstream_fix": "bind 9.11.37, bind 9.16.27, bind 9.18.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-25220\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25220\nhttps://kb.isc.org/docs/CVE-2021-25220"
        ],
        "name": "CVE-2021-25220",
        "mitigation": {
            "value": "If applicable, modify your configuration to either remove all forwarding or all possibility of recursion. Depending on your use case, it may be possible to use other zone types to replace forward zones.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2842\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2842"
        ],
        "name": "CVE-2019-2842",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.",
            "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Pedro Barbosa (Red Hat) and the PostgreSQL project. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15097\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15097"
        ],
        "name": "CVE-2017-15097",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3261\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3261"
        ],
        "name": "CVE-2017-3261",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.",
            "A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys for reporting this issue.",
        "upstream_fix": "openssh 7.1p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0778\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0778\nhttp://www.openssh.com/txt/release-7.1p2\nhttps://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt"
        ],
        "name": "CVE-2016-0778",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21340\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21340"
        ],
        "name": "CVE-2022-21340",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-456->CWE-617",
        "details": [
            "name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.",
            "A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure."
        ],
        "statement": "This issue did not affect the versions of bind packages as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the versions of bind97 packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future bind97 packages updates in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "BIND 9.9.7-P1, BIND 9.10.2-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4620\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4620\nhttps://kb.isc.org/article/AA-01267/"
        ],
        "name": "CVE-2015-4620",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4805\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4805\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.",
            "A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash."
        ],
        "statement": "This issue does not affect the version of openssl097a as shipped with Red Hat Enterprise Linux 5. This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact and does not plan to address this flaw for the above components in any future security updates.\nThis issue affects the version of openssl as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 1.0.0p, OpenSSL 0.9.8zd",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3571\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3571\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-3571",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20921\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20921\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20921",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.",
            "A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21885\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21885"
        ],
        "name": "CVE-2024-21885",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.",
            "A flaw was found in RubyGems. A crafted gem with a multi-line name is not handled correctly allowing an attacker to inject arbitrary code to the stub line of gemspec. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8324\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8324\nhttps://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html\nhttps://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2019-8324",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-305",
        "details": [
            "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.",
            "It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as \"kad/x\") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9422\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9422\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-9422",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-06-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\"",
            "It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux\nkernel updates for the respective releases will address this issue.",
        "acknowledgement": "This issue was discovered by Red Hat.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1805\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1805"
        ],
        "name": "CVE-2015-1805",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.",
            "A flaw was found in Apache's HTTP server (httpd) .The mod_proxy_ftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "This flaw is caused by use of an uninitialized memory variable. Practically this has no impact, but in some corner cases it is possible that the contents of this variable could be read by a remote process, causing loss of confidentiality as a result of this. There is no evidence of code execution.",
        "upstream_fix": "httpd 2.4.42",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1934\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1934\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2020-1934",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-456->CWE-617",
        "details": [
            "named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.",
            "A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.",
        "upstream_fix": "bind 9.9.7-P2, bind 9.10.2-P3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5477\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5477\nhttps://access.redhat.com/solutions/1548963\nhttps://kb.isc.org/article/AA-01272"
        ],
        "name": "CVE-2015-5477",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2978\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2978"
        ],
        "name": "CVE-2019-2978",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21291\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21291"
        ],
        "name": "CVE-2022-21291",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.",
            "A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash."
        ],
        "upstream_fix": "openssl 0.9.8zh, openssl 1.0.0t, openssl 1.0.1q, openssl 1.0.2e",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3195\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3195\nhttps://openssl.org/news/secadv/20151203.txt"
        ],
        "name": "CVE-2015-3195",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21626\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21626"
        ],
        "name": "CVE-2022-21626",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2999\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2999"
        ],
        "name": "CVE-2019-2999",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-07-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-192",
        "details": [
            "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-34169\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34169"
        ],
        "name": "CVE-2022-34169",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service.",
            "An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10986\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10986\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10986",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-158",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21938\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21938"
        ],
        "name": "CVE-2023-21938",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.",
            "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack."
        ],
        "upstream_fix": "httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0736\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0736\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.25\nhttps://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt"
        ],
        "name": "CVE-2016-0736",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.",
            "A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue.",
        "upstream_fix": "postgresql 9.0.19, postgresql 9.1.15, postgresql 9.2.10, postgresql 9.3.6, postgresql 9.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0241\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0241\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2015-0241",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.",
            "It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Juraj Somorovsky as the original reporter.",
        "upstream_fix": "openssl 1.0.1t, openssl 1.0.2h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2107\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2107\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2107",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8325\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8325"
        ],
        "name": "CVE-2019-8325",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10116\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10116"
        ],
        "name": "CVE-2017-10116",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2023-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.",
            "Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication."
        ],
        "upstream_fix": "squid 6.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-46847\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46847\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g"
        ],
        "name": "CVE-2023-46847",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-18T13:59:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "While backporting a feature for a newer branch of BIND9, Red Hat introduced a path leading to an assertion failure in buffer.c:420. Affects Red Hat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected."
        ],
        "statement": "This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikely that most servers will be exploitable. The debug level of the bind server can be checked via the rndc status command, which will return the current trace level as \"debug level\". A value of 10 or above would most likely make this flaw exploitable.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5742\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5742\nhttps://www.openwall.com/lists/oss-security/2018/12/19/6"
        ],
        "name": "CVE-2018-5742",
        "mitigation": {
            "value": "Ensure that debug logging is disabled and set to 0. This can be verified on the Bind server by the rndc status command.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.",
            "An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0636\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0636"
        ],
        "name": "CVE-2016-0636",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-12-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.",
            "A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL."
        ],
        "upstream_fix": "openssl 1.0.0t, openssl 1.0.1p, openssl 1.0.2d",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3196\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3196\nhttps://openssl.org/news/secadv/20151203.txt"
        ],
        "name": "CVE-2015-3196",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35565\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35565"
        ],
        "name": "CVE-2021-35565",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-09T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125->CWE-200",
        "details": [
            "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.",
            "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data."
        ],
        "statement": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Virtualization Hypervisor and Management Appliance include vulnerable versions of systemd. However, since exploitation requires local access and impact is restricted to information disclosure, this flaw is rated as having a security issue of Low. Future updates may address this issue.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16866\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16866\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt"
        ],
        "name": "CVE-2018-16866",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch.",
            "A buffer overflow flaw was found in the SPNEGO implementation used by BIND. This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "BIND servers shipped with Red Hat Enterprise Linux are compiled with GSS-TSIG and are therefore affected by this flaw. However, these BIND packages use the default settings and are not vulnerable by default.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Trend Micro Zero Day Initiative as the original reporter.",
        "upstream_fix": "bind 9.11.28, bind 9.16.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8625\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8625\nhttps://kb.isc.org/docs/cve-2020-8625"
        ],
        "name": "CVE-2020-8625",
        "mitigation": {
            "value": "As per upstream:\nBIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features.\nIn a configuration which uses BIND's default settings, the vulnerable code path is NOT exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options.\nAlthough the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers.\nThis vulnerability only affects servers configured to use GSS-TSIG, most often to sign dynamic updates. If another mechanism can be used to authenticate updates, the vulnerability can be avoided by choosing not to enable the use of GSS-TSIG features.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.",
            "An information disclosure flaw was found in the way the MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application."
        ],
        "statement": "This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 and 6 as the flaw was introduced in a later version (1.11).",
        "acknowledgement": "Red Hat would like to thank the MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9423\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9423\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-9423",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20926\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20926\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20926",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2949\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2949"
        ],
        "name": "CVE-2019-2949",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10356\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10356"
        ],
        "name": "CVE-2017-10356",
        "csaw": false
    }
]